Prior experience (3+ years) working within Application or Information Security teams.
3+ years scripting development experience (e.g. Go, Python, Ruby — bonus for Python/Django).
A passion for security, and the hacker mentality of doing whatever it takes to figure out and solve a problem.
Proficiency and in-depth understanding of cloud environments, AWS and/or GCP, Docker and Kubernetes.
Strong understanding of the OWASP Top Ten security risks and how to mitigate them.
Strong understanding of authentication/authorization frameworks (e.g. OAuth2, SSO).
Experience with tools for static/dynamic code analysis (e.g. SonarQube, OWASP’s).
Proficiency with several app scanners, such as Arachni, ZAP, Anchore.
The ability to write a solid root-cause analysis / explanation of a security issue is critical — including how to exploit, likelihood of exploit, etc.
Exposure to compliance frameworks (e.g. GDPR, NIST 800 series, SOC2) a plus.
Up-to-date knowledge of the latest security vulnerabilities (e.g. reported CVEs) against web application frameworks and libraries, including an understanding of their impact and exploitation techniques.
The Product Security organization oversees engineering security practices across the entire product organization and therefore the securing of multiple products (both on-prem builds and SaaS). Product Security is multi-faceted with respect to the counterparts it interacts with (Engineering teams, Product Management, Product Marketing, Legal, and external customers) and is at the crossroads of everything we build.
You will be involved in a vast array of endeavors to build our security program, yet have a specific focus on application security, for both on-prem and SaaS offerings. You will act as the Subject Matter Expert and work with the various teams on security engineering topics.
Work with product engineering teams to architect solutions that are inherently secure and align with our compliance targets.
Build and automate our appsec platform leveraging CI/CD practices, automating/coding everywhere possible.
Perform risk assessments / threat modeling of service or application features.
Participate in triaging and acting on our HackerOne program.
Perform penetration testing as required.
Be part of our Incident Response team.
Create and execute training exercises to further developers’ security knowledge.
Code the necessary automation to ensure ongoing adherence to security practices/policies.
Help raise the profile of security across engineering. Help the security champions in teams.
We’re powering the continuous economy by building the world’s first end-to-end system for automated software delivery.
CloudBees is a globally distributed company with nearly 400 employees in over 15 countries working together to invent a new category of software — one that automates the delivery of software. As every company in the world is becoming a software company, and as software delivery practices evolve from slow, infrequent releases toward continuous delivery supported by CI/CD, DevOps practices and the cloud, this new software category will become the most mission-critical new business system in the modern enterprise. As today’s clear leader in CI/CD, CloudBees is uniquely positioned to define and lead this new category and is expanding its product and engineering organization in order to do so.
The CloudBees product and engineering organization includes some of the world’s most respected contributors to the tools, languages and practices behind modern software development. Because CloudBees is a fully distributed company, it’s also been able to draw on a global talent pool and maintain a very high bar for intellect, technical skills and work culture. Nearly every Bee has chosen to work at CloudBees because of a personal conviction of the transformative power of continuous delivery practices in every function in software development, and every Bee has been actively chosen for being amongst the best at what they do in the world. This leads to a sense of shared mission and mutual respect that makes CloudBees a truly special place to work.
Location / Time Zone: our preferred team member will work during European working hours. We fully embrace remote working. We use remote tools extensively, including Slack and Google Docs.
Skype — barrracuda
viber 097 543 63 33