Ubuntu is a community-developed, Linux-based operating system that is published and commercially supported by software development firm Canonical. Like Canonica
Security Software Engineer
Location
Worldwide
Posted
63 days ago
Salary
0
Seniority
Senior
Job Description
Security Software Engineer
Canonical
• Define, implement, and document new security features • Lead security-focused initiatives within a product engineering team • Analyze, fix, and test vulnerabilities in open source software • Contribute to Ubuntu and upstream open source projects to benefit the community • Audit and analyze source code for vulnerabilities • Integrate new tools into our security infrastructure, pipelines, and processes • Achieve and retain various security certifications • Extend and enhance Linux cryptographic components to meet country-specific compliance requirements, such as FIPS and Common Criteria (CC) certifications • Work with external partners to develop Center for Internet Security (CIS) benchmarks • Design and develop hardening automation for Ubuntu • Stay up to date with trends and developments in the security industry • Develop, test, and maintain new software capabilities • Provide guidance and support to other engineering teams on security best practices
Job Requirements
- An exceptional academic track record from both high school and university
- Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
- A track record of going above and beyond expectations
- Thorough understanding of the common categories of security vulnerabilities and how to fix them
- Knowledge of modern software engineering techniques
- Familiarity with open source development tools and methodologies
- Skill in one or more of C, C++, Python, Go, Rust, Java, Ruby, PHP, or JavaScript/Typescript
- Experience as a security champion
- Experience driving security within a wider SSDLC process
- Professional written and spoken English
- Experience with Linux (Debian or Ubuntu preferred)
- Excellent interpersonal skills, curiosity, flexibility, and accountability
- Passion, thoughtfulness, and self-motivation
- Excellent communication and presentation skills
- Results-oriented, with a personal drive to meet commitments
Benefits
- Distributed work environment with twice-yearly team sprints in person
- Personal learning and development budget of USD 2,000 per year
- Annual compensation review
- Recognition rewards
- Annual holiday leave
- Maternity and paternity leave
- Employee Assistance Programme
- Opportunity to travel to new locations to meet colleagues
- Priority Pass, and travel upgrades for long haul company events
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Tutor Me Education is reshaping how students learn. • Provide support to students all across the country. • Virtual instruction from your home computer.
• Utilize NDR, EDR, real-time streaming, and SIEM technologies to develop robust threat detection capabilities • Build and optimize detection rules leveraging real-time data streaming to enhance detection accuracy • Design enrichment pipelines and automation workflows to enhance the precision of threat detections • Develop correlation logic and automated processes to create high-fidelity threat alerts • Build compliance and recoverability of customer Data Analytics solutions, including SOPs, data onboarding, normalization, enrichment, and system maintenance • Create automation playbooks for incident triage and response • Align detection content with customer-specific Use Case Frameworks and provide metrics on cybersecurity threats impacting their environment • Collaborate with customer cybersecurity teams to cover gaps and enhance enterprise posture • Support enterprise Cybersecurity, Information Technology (IT), and Operational Technology (OT) teams by providing dashboards and other data exploration tools • Stay continually aware of emerging cybersecurity threats and trends, adapting detection strategies as needed • Work closely with customer teams, including Cybersecurity Operations Center (CSOC), Operational Technology (OT), and Incident Response (IR) teams, to ensure detections are actionable and relevant • Provide feedback to improve the customer's security framework and overall security monitoring strategy
• Analyze product security requirements and apply industry-recognized methodologies to translate them into effective security controls. • Design and support the implementation of secure cloud architectures. • Audit externally developed product security designs, document missing security controls, and lead efforts to analyze and implement security improvements. • Conduct threat modeling, attack surface analysis, and attack tree creation for products running on cloud platforms. • Research, review, compare, and propose technologies that meet client requirements. • Perform comprehensive security posture assessments through various methodologies. • Validate CI/CD pipelines and audit deployment configurations across various hosting environments. • Ensure that implemented solutions align with the product’s security architecture and requirements. • Document and present product security risks in both technical and business contexts. • Lead and support a small team of security engineers and consultants in assessing and researching cutting-edge technologies.
• Technical leadership on major projects involving emerging technologies. • Researching, analyzing, and resolving demanding technical challenges. • Driving threat modelling, attack surface enumeration and attack tree creation activities across applications. • Planning and supervising end-to-end security posture assessments via source code auditing and functional testing. • Documenting and presenting product security risks.
