Security Engineer; AppSec
Listed on 2025-11-12
IT/Tech
Cybersecurity, Systems Engineer, Security Manager, Cloud Computing
TL;DR: We're seeking a passionate and technically sophisticated security engineer to lead, architect, and integrate security into every aspect of our platform. You like making things but also breaking things and preventing others from doing the same.
Cloudsmith is transforming how organizations handle software artifacts and secure their supply chains. As a fully managed multi-tenant Software as a Service (SaaS) built on AWS, our mission is to enable organizations to tackle scale and complexity through best-in-class artifact management and to secure software by default. Our vision is to become the software supply chain itself, powering the future of software delivery.
We are the world's most potent artifact management platform, built by developers for developers. Our platform supports over 30 formats spanning languages, containers, and operating systems, with enterprise-grade features, including vulnerability and security scanning, world-class policy management and enforcement, and web-scale to handle the Fortune 500. Organizations integrate Cloudsmith as critical infrastructure into their development, deployment, and distribution pipelines, trusting us to protect and accelerate, no matter the scale.
Backed by top-tier investors and on a trajectory toward IPO, we're building mission-critical infrastructure that powers software delivery for organizations worldwide. We operate at the cutting edge of cloud-native technology, tackling complex distributed systems challenges that directly impact millions of developers. Now is an exciting time to join us as we revolutionize how organizations deliver and secure software and help write the next chapter of our rocket-ship growth story.
The Role
As a Security Engineer (AppSec) reporting to the Head of Application Security, you'll be a key member of our growing security function, focusing on our product and platform security. This role combines hands-on security engineering with technical leadership, requiring someone to implement security controls and guide other engineers in secure development practices. You'll be the technical cornerstone of our product security initiatives, working to ensure our platform remains secure by design as we scale.
Technical Security Leadership
- Enhance and expand security controls across our cloud-native infrastructure.
- Lead security architecture reviews and threat modeling sessions.
- Develop, evolve, and implement secure coding standards and practices.
- Extend our security automation tooling and strengthen CI/CD pipeline security.
- Build upon our existing security testing frameworks and procedures.
- Perform security code reviews and penetration testing of our codebases.
- Implement security controls for our distributed systems (AWS-based).
- Design and implement secure container runtime environments.
- Build secure API endpoints and review API security architecture.
- Implement supply chain security controls and verification systems.
- Enhance our security monitoring solutions using Datadog, AWS Security Hub, etc.
- Strengthen our secure deployment pipelines using CircleCI and GitHub Actions.
- Drive implementation of our secure artifact storage and processing systems.
- Design and implement additional customer and environment isolation controls.
- Develop security automation tools and frameworks and apply them.
- Partner with the Head of AppSec + CTO on security architecture decisions.
- Provide security guidance and mentorship to engineering teams.
- Develop and deliver security training materials.
- Create security documentation and guidelines.
- Participate in security incident response.
- Contribute to security policies and standards.
- Work closely with the Head of AppSec + CTO to implement security strategies.
- Collaborate with engineering teams to embed security practices.
- Support security audit and compliance initiatives.
- Participate in security incident response as a technical (incl. red/blue team).
- Help evaluate and implement new security tools and technologies.
- Automate everything, write code (if you want to!), and make proofs ('sploits).