Staff Security Engineer (AppSec)

Cloudsmith Ltd
Belfast
1 month ago

TL;DR: We're seeking a passionate and technically sophisticated security engineer to lead, architect, and integrate security into every aspect of our platform. You like making things, but also breaking things and preventing others from doing the same.

About Cloudsmith

Cloudsmith is transforming how organizations handle software artifacts and secure their supply chains. As a fully managed multi-tenant Software as a Service (SaaS) built on AWS, our mission is to enable organizations to tackle scale and complexity through best-in-class artifact management and to secure software by default. Our vision is to become the software supply chain itself, powering the future of software delivery.

We are the world's most potent artifact management platform, built by developers for developers. Our platform supports over 30 formats spanning languages, containers, and operating systems, with enterprise-grade features, including vulnerability and security scanning, world-class policy management and enforcement, and web-scale to handle the Fortune 500. Organizations integrate Cloudsmith as critical infrastructure into their development, deployment, and distribution pipelines, trusting us to protect and accelerate, no matter the scale.

Backed by top-tier investors and on a trajectory toward IPO, we're building mission-critical infrastructure that powers software delivery for organizations worldwide. We operate at the cutting edge of cloud-native technology, tackling complex distributed systems challenges that directly impact millions of developers. Now is an exciting time to join us as we revolutionize how organizations deliver and secure software and help write the next chapter of our rocket-ship growth story.

The Role

As a Staff Security Engineer (AppSec) reporting to the Director of Information Security, you'll be a key member of our growing security function, focusing on our product and platform security. This role combines hands-on security engineering with technical leadership: you will implement security controls yourself and guide other engineers in secure development practices. You'll be the technical cornerstone of our product security initiatives, working to ensure our platform remains secure by design as we scale.

Key Responsibilities

Technical Security Leadership

  • Enhance and expand security controls across our cloud-native infrastructure.
  • Lead security architecture reviews and threat modeling sessions.
  • Develop, evolve, and implement secure coding standards and practices.
  • Extend our security automation tooling and strengthen CI/CD pipeline security.
  • Build upon our existing security testing frameworks and procedures.

Application Security Implementation

  • Perform security code reviews and penetration testing of our codebases.
  • Implement security controls for our distributed systems (AWS-based).
  • Design and implement secure container runtime environments.
  • Build secure API endpoints and review API security architecture.
  • Implement supply chain security controls and verification systems.

Security Engineering & Architecture

  • Enhance our security monitoring solutions using Datadog, AWS Security Hub, etc.
  • Strengthen our secure deployment pipelines using CircleCI and GitHub Actions.
  • Drive implementation of our secure artifact storage and processing systems.
  • Design and implement additional customer and environment isolation controls.
  • Develop security automation tools and frameworks and apply them.
  • Partner with the Director of InfoSec + CTO on security architecture decisions.

Security Culture & Education

  • Provide security guidance and mentorship to engineering teams.
  • Develop and deliver security training materials.
  • Create security documentation and guidelines.
  • Participate in security incident response.
  • Contribute to security policies and standards.

Team Collaboration

  • Work closely with the Director of InfoSec + CTO to implement security strategies.
  • Collaborate with engineering teams to embed security practices.
  • Support security audit and compliance initiatives.
  • Participate in security incident response as a technical lead (incl. red/blue team).
  • Help evaluate and implement new security tools and technologies.
  • Automate everything, write code (if you want to!), and make proofs ('sploits).

Required Experience, Qualities & Skills

Technical Expertise

  • 7+ years of security engineering experience or equivalent.
  • Deep expertise in application security and secure software development.
  • Experience implementing SAST, DAST, and RASP (Runtime Application Self-Protection).
  • Strong programming skills in Python, with familiarity in TypeScript/Node.js or similar.
  • Extensive experience with:
    • Cloud security (AWS-based, preferably).
    • Web application security.
    • API security (REST or GraphQL, etc.).
    • Infrastructure as Code security.
    • CI/CD pipeline security.
    • Container security (Docker, OCI).
    • Database security.

Security Engineering Skills

  • Experience building security tools and automation.
  • Strong background in threat modeling and risk assessment.
  • Expertise in penetration testing and vulnerability assessment.
  • Knowledge of cryptography and secure communication protocols.
  • Experience with security monitoring and incident response.

Domain Knowledge

  • Understanding of software supply chain security.
  • Experience with artifact management systems.
  • Knowledge of modern development practices and tools.
  • Familiarity with compliance frameworks (ISO 27001, SOC2).

Bonus Points

  • Experience with data enclave implementations.
  • Experience with secure runtime environments (Firecracker, gVisor).
  • Experience with Software Composition Analysis.
  • Contributions to open-source security tools.
  • Security-focused certifications (OSCP, CSSLP, etc.).
  • Experience securing package management systems.

Cultural Values We're Looking For

  • Technical Mastery: Demonstrate deep security expertise and engineering craftsmanship.
  • Security Innovation: Drive automated, cloud-native security solutions to excellence.
  • Knowledge Champion: Share security expertise openly and mentor engineering teams.
  • Pragmatic Builder: Deliver practical security solutions with customer needs in mind.
  • Continuous Growth: Actively expand security knowledge and embrace sustainable practices.

Impact & Opportunity

This role offers the chance to enhance security in a platform already trusted by organizations worldwide for software supply chain security. You'll join an ISO 27001-certified organization and work with cutting-edge technologies, implementing security controls that protect critical infrastructure. From startups to Fortune 500 customers, your work will directly impact how organizations secure their software supply chains while helping us maintain our position as the most trusted name in artifact management.

Benefits, Location & Work Environment

Note: You must be based in Ireland or the United Kingdom and already have the right to work there; we are unable to offer visa sponsorship for this role.

Headlines

  • A remote-first position based in Ireland or the United Kingdom.
  • A competitive compensation package, including equity.
  • Comprehensive health, dental, and vision insurance.
  • Generous annual leave and flexible working policies to suit your lifestyle.
  • A professional development budget for conferences and training.
  • A dynamic, innovative, trust-centric, and supportive work environment.
  • The opportunity to shape a fast-growing Series A startup (and beyond).
  • Regular (monthly-ish) travel may be required for team meetings.
  • Regular (quarterly-ish) travel may also be required for events and customers.

Health and Wellness

Regardless of your location, we deeply care about the health and wellness of our staff and their families; a sustainable pace is essential. In addition to generous annual leave (PTO), we offer parental leave and health benefits that cover you and your dependents up to 100%. We also offer flexible, family-friendly working policies.

Personal Growth

You will have an enormous opportunity to learn new skills alongside your colleagues, and your continued professional development is essential to us because it's important to you. We will support you with budgets for equipment, training, books, conferences, travel, and certifications. The more powerful you become, the better for all of us.

Hybrid Work

Cloudsmith is headquartered in Belfast, Northern Ireland, and we use our HQ regularly for activities like team planning, meet-and-greets, and sometimes other group activities (like games!). We also hold all-hands offsites in Belfast (or elsewhere) three times a year, with guest speakers and team activities. Most Cloudsmithers work remotely, near and far, so we rely on our online collaboration tools; Slack is how we work.

About Equal Opportunity

Cloudsmith is an equal-opportunity employer proud to nurture a diverse workplace that welcomes applications from individuals of all races, genders, and ethnic groups. We do not discriminate on age, religion, sexual orientation, citizenship status, military service, or health conditions. We will not tolerate discrimination of any kind within our workforce.

The Final Word

We're seeking someone with deep technical security expertise and a passion for building secure systems. You'll be working at the intersection of cloud infrastructure, artifact management, and supply chain security, helping to develop a platform that organizations trust with their most critical assets. If you're excited about security engineering and want to have a lasting impact on the software industry, we want to hear from you.
