We’re powering the continuous economy by building the world’s first end to end system for automated software delivery.
CloudBees is a globally distributed company with approaching 400 employees in over 15 countries working together to invent a new category of software - one that automates the delivery of software. As every company in the world is becoming a software company, and as software delivery practices evolve from slow, infrequent releases toward continuous delivery supported by CI/CD, DevOps practices and the cloud, this new software category will become the most mission critical new business system in the modern enterprise. As today’s clear leader in CI/CD, CloudBees is uniquely positioned to define and lead this new category and is expanding its product and engineering organization in order to do so.
The CloudBees product and engineering organization includes some of the world’s most respected contributors to the tools, languages and practices behind modern software development. Because CloudBees is a fully distributed company, it’s also been able to draw on a global talent pool and maintain a very high bar for intellect, technical skills and work culture. Nearly every Bee has chosen to work at CloudBees because of a personal conviction of the transformative power of continuous delivery practices in every function in software development, and every Bee has been actively chosen for being amongst the best at what they do in the world. This leads to a sense of shared mission and mutual respect that makes CloudBees a truly special place to work.
The Product Security organization oversees engineering security practices across the entire product organization and therefore the securing of multiple products (both on-prem builds and SaaS). Product Security is multi-faceted with respect to the counterparts it interacts with (Engineering teams, Product Management, Product Marketing, Legal, and external customers) and is at the crossroads of everything we build.
You will be involved in a vast array of endeavors to build our security program, yet have a specific focus on application security, for both on-prem and SaaS offerings. You will act as the Subject Matter Expert and work with the various teams on security engineering topics.
Location / Time Zone: our preferred team member will work European working hours. We fully embrace remote working. We use remote tools extensively, including Slack and Google Docs.
What You’ll Do
Work with product engineering teams to architect solutions that are inherently secure and align with our compliance targets.
Build and automate our appsec platform leveraging CI/CD practices, automating/coding everywhere possible.
Perform risk assessments and threat modeling of service or application features.
Participate in triaging and acting on our HackerOne program.
Perform penetration testing as required.
Be part of our Incident Response team.
Create and execute training exercises to further develop developers’ security knowledge.
Code the necessary automation to ensure ongoing adherence to security practices/policies.
Help raise the profile of security across engineering. Help the security champions in teams.
What The Role Requires
Prior experience (3+ years) working within Application or Information Security teams.
3+ years scripting development experience (e.g. Go, Python, Ruby -- bonus for Python/Django).
A passion for security, and the hacker mentality of doing whatever it takes to figure out and solve a problem.
Strong understanding of the OWASP Top Ten security risks and how to mitigate them.
Strong understanding of authentication/authorization frameworks (i.e. OAuth2, SSO).
Experience with tools for static/dynamic code analysis (e.g. SonarQube, OWASP’s).
Proficiency with several app scanners, such as Arachni, ZAP, Anchore.
The ability to write a solid root-cause-analysis / explanation of a security issue is critical - including how to exploit, likelihoods of exploit, etc.
Working knowledge of AWS and/or GCP, Docker, Kubernetes and Terraform.
Exposure to compliance frameworks (e.g. GDPR, NIST 800 series, SOC2) a plus.
Up-to-date knowledge of latest security vulnerabilities (e.g. reported CVEs) against web application frameworks and libraries, including an understanding of their impact and exploitation techniques.
At CloudBees, we truly believe that the more diverse we are, the better we serve our customers. A global community like Jenkins demands a global focus from CloudBees. Organizations with greater diversity—gender, racial, ethnic, and global—are stronger partners to their customers. Whether by creating more innovative products, or better understanding our worldwide customers, or establishing a stronger cross-section of cultural leadership skills, diversity strengthens all aspects of the CloudBees organization.
In the technology industry, diversity creates a competitive advantage. CloudBees customers demand technologies from us that solve their software development, and therefore their business problems, so that they can better serve their own customers. CloudBees attributes much of its success to its worldwide work force and commitment to global diversity, which opens our proprietary software to innovative ideas from anywhere. Along the way, we have witnessed firsthand how employees, partners, and customers with diverse perspectives and experiences contribute to creative problem solving and better solutions for our customers and their businesses.
About Softesis
We are a company based in Odessa that specializes in creating and running dedicated teams and offshore sites for our US customers. We’ve been on the market for 3+ years and already have multiple divisions and 100+ people on board.
We truly believe that the best way to do business is to concentrate on long-term partnerships rather than short-term projects. That’s why all our team members are hired solely for a particular customer and work directly with the customer’s team. Both we and our customers treat every person not as a human resource but as a team member who is involved and appreciated.
We’re constantly expanding and looking for talents for both on-site and remote cooperation. Check out the list below for something that might be relevant for you. Look forward to hearing from you.
Company website:
https://softesis.com/jobs
DOU company page:
https://jobs.dou.ua/companies/softesis/
The job ad is no longer active