
Senior Application Security Engineer

Job in Belfast, County Antrim, BT1, Northern Ireland, UK
Listing for: Cloudsmith
Full Time position
Listed on 2026-05-25
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer, Security Manager
Salary/Wage Range or Industry Benchmark: 80000 - 100000 GBP Yearly
Job Description & How to Apply Below

TL;DR

We’re looking for a deeply technical Application Security Engineer to embed inside engineering and help secure Cloudsmith 2.0, the operating system for the modern software supply chain. The ideal person is a software engineer at heart who chose to specialize in security. You should be comfortable moving between code, architecture, and security design.

About Cloudsmith

Cloudsmith is building the operating system for the modern software supply chain. We run a global, fully managed, multi‑tenant SaaS platform that helps organizations, from startups to the Fortune 500, secure, govern, and distribute software artifacts. Worldwide, our customers use Cloudsmith as a critical infrastructure control plane for CI/CD, developer workflows, security controls, compliance, and software distribution, supporting 30+ formats and ecosystems across languages, containers, and operating systems.

We recently raised our Series C to accelerate Cloudsmith 2.0: deeper artifact intelligence, stronger policy and provenance, faster package‑aware delivery, and infrastructure built for engineering teams, as well as the modern AI‑driven software factory. By developers, for developers: we care about craft, architecture, and enterprise scale.

The Role

As a Senior Application Security Engineer, you’ll report to the Head of Security and embed directly into one of our engineering tribes. You’ll work alongside Engineering Managers, Product Managers, Principal Engineers, and product engineers as part of the tribe’s day‑to‑day rhythm. Your job is to advocate for security from within the core engineering function, not from the sidelines. That means joining design discussions early, reviewing code and architecture, identifying risks early, and helping the tribe land secure, pragmatic fixes.

We are building a model where security engineers are part‑IC, part‑security specialist. You should be able to contribute directly, but your greater leverage lies in raising the security judgment of the engineers around you, so good security becomes part of how we work.

Key Responsibilities
  • Embed inside an engineering tribe and participate in planning, design review, code review, incident learning, and delivery conversations.
  • Collaborate across security, platform, and engineering guilds so security work routes to the right team, at the right time, with the right priority.
  • Threat‑model product and platform changes across APIs, workers, data stores, queues, object storage, CDNs, identity, policy, and tenant boundaries.
  • Review production code and architecture for authentication, authorization, data access, secrets handling, artifact integrity, signing, auditability, and abuse cases.
  • Build and improve security tooling, paved roads, checks, libraries, and automation that make securing Cloudsmith easier for engineers.
  • Tune and operate security controls across SAST, DAST, SCA, secrets scanning, container scanning, IaC scanning, dependency analysis, and runtime signals.
  • Investigate, triage, and remediate vulnerabilities identified through internal testing, third‑party testing, responsible disclosure, customer reports, and security tooling.
  • Support security incidents, red/blue exercises, detection work, and post‑incident actions, improvements, and other investigatory/preventative follow‑ups.
  • Support technical control work for SOC 2, ISO 27001, EU CRA, and related frameworks, working with GRC where security engineering input is needed.
  • Raise the tribe's security capability by helping engineers understand risks, threat‑model their own work, and recognize what good secure design looks like.
Required Experience, Qualities & Skills

Technical Depth
  • Around 5+ years of hands‑on application security experience, or equivalent experience across software engineering and security, with security as your recent focus.
  • Deep software engineering craft, with a focus on Python. Familiarity with TypeScript, Go, or Rust is an advantage. Effective use of ownership‑driven AI is useful.
  • Deep web and API security knowledge: OWASP Top 10, business logic flaws, authn/authz design, token handling, REST, GraphQL, and multi‑tenant access control.
  • Practical threat modeling and vulnerability research…
Position Requirements
10+ Years work experience