Senior Security Software Engineer

loudBees, the enterprise software delivery company, provides the industry’s leading DevOps technology platform. CloudBees enables developers to focus on what they do best: Build stuff that matters while providing peace of mind to management with powerful risk mitigation, compliance, and governance tools. Used by many of the Fortune 100, CloudBees is helping thousands of companies harness the power of continuous everything and gets them on the fastest path from a great idea, to great software, to amazing customer experiences, to being a business that changes lives.

Backed by Matrix Partners, Lightspeed Venture Partners, Verizon Ventures, Delta-v Capital, Golub Capital, and Unusual Ventures, CloudBees was founded in 2010 by former JBoss CTO Sacha Labourey and an elite team of continuous integration, continuous delivery, and DevOps professionals.

What You’ll Do

Learn the internals of Jenkins and its plugin system from the perspective of web application security

Participate in the Jenkins CERT

Detect and correct vulnerabilities

Review, coordinate and deliver corrections

Security architecture

Make deep/chirurgical changes into Jenkins core

Assess/evaluate security risks, not only in Jenkins but also in other project in the product department

Engineer and automate our security tooling/process

Improve our capacities to search patterns in the ecosystem

Automate as much as we can the vulnerability detection

Security support

Analyse scanner reports

Use/improve our vulnerability management application (OWASP DefectDojo)

Reply to customer/support questions about security

Participate in meetings with customers to understand their requirements

Security education

Provide help to other teams, assessing vulnerabilities, reviewing corrections

Improve security awareness

Provide training / demo

Participate in the industry events

Learn the latest trends in security

Share the learning from this role to the wider community during talks and workshops

Our Engineering teams are distributed by design. You can work from the offices or remotely without feeling disconnected

What The Role Requires

Knowledge & passion for web application security (OWASP Top 10)

Solid experience in Java web application development (JavaScript is a plus)

Experience in scripting (Groovy, Shell, Python)

Hacker mindset

Willingness to learn

Desire to break things for the good

Solving problems

Proficiency using CI/CD tools

What You’ll Get

Highly competitive benefits and vacation package

Ability to work for one of the fastest growing companies with some of the most talented people in the industry

Team outings

Fun, Hardworking, and Casual Environment

Endless Growth Opportunities

We have a culture of movers and shakers and are leading the way for everyone else with a vision to transform the industry. We are authentic in who we are. We believe in our abilities and strengths to change the world for the better. Being inclusive and working together is at the heart of everything we do. We are naturally curious. We ask the right questions, challenge what can be done differently and come up with intelligent solutions to the problems we find. If that’s you, get ready to bee impactful and join the hive.

At CloudBees, we truly believe that the more diverse we are, the better we serve our customers. A global community like Jenkins demands a global focus from CloudBees. Organizations with greater diversity—gender, racial, ethnic, and global—are stronger partners to their customers. Whether by creating more innovative products, or better understanding our worldwide customers, or establishing a stronger cross-section of cultural leadership skills, diversity strengthens all aspects of the CloudBees organization.

In the technology industry, diversity creates a competitive advantage. CloudBees customers demand technologies from us that solve their software development, and therefore their business problems, so that they can better serve their own customers. CloudBees attributes much of its success to its worldwide workforce and commitment to global diversity, which opens our proprietary software to innovative ideas from anywhere. Along the way, we have witnessed firsthand how employees, partners, and customers with diverse perspectives and experiences contribute to creative problem solving and better solutions for our customers and their business.