We’re powering the continuous economy by building the world’s first end-to-end system for automated software delivery.
CloudBees is a globally distributed company with nearly 400 employees in over 15 countries working together to invent a new category of software: one that automates the delivery of software. As every company in the world is becoming a software company, and as software delivery practices evolve from slow, infrequent releases toward continuous delivery supported by CI/CD, DevOps practices and the cloud, this new software category will become the most mission-critical new business system in the modern enterprise. As today’s clear leader in CI/CD, CloudBees is uniquely positioned to define and lead this new category and is expanding its product and engineering organization in order to do so.
The CloudBees product and engineering organization includes some of the world’s most respected contributors to the tools, languages and practices behind modern software development. Because CloudBees is a fully distributed company, it’s also been able to draw on a global talent pool and maintain a very high bar for intellect, technical skills and work culture. Nearly every Bee has chosen to work at CloudBees because of a personal conviction of the transformative power of continuous delivery practices in every function in software development, and every Bee has been actively chosen for being amongst the best at what they do in the world. This leads to a sense of shared mission and mutual respect that makes CloudBees a truly special place to work.
The Product Security organization oversees engineering security practices across the entire product organization and is therefore responsible for securing multiple products (both on-prem builds and SaaS). Product Security is multi-faceted with respect to the counterparts it interacts with (Engineering teams, Product Management, Product Marketing, Legal, and external customers) and sits at the crossroads of everything we build.
You will be involved in a vast array of endeavors to build our security program, with a lot of freedom to define our next steps. Your primary task will be to automate and glue together a variety of systems and tools to come up with a state-of-the-art security pipeline. You will also lean on other engineering endeavors for our compliance program, work on the application security pipeline, drive cloud security practices, Docker and Kubernetes security, and vulnerability management, educate our engineering workforce, or harden our software supply chain.
You will be a reference when it comes to security and will develop our security core program. You will have regular interaction with our Ops and Dev teams.
Location / Time Zone: our preferred team member will be located within US East or Western Europe working hours. We fully embrace remote working. We use remote tools extensively, including Slack and Google Docs.
What You’ll Do
- Engineer and automate our global product security program
- Co-define and implement what is best for the product organization when it comes to security.
- Define and implement the bulk of our application security pipelines.
- Work on our software supply chain security.
- Advise and get your hands dirty on Docker and Kubernetes security.
- Educate and evangelize security throughout the organization.
- Re-engineer processes as needed in collaboration with the teams.
- Collaborate and engineer our compliance efforts.
- Work closely with the Product (engineering) teams to feed security requirements/features into the design, implementation, and delivery of new services.
- Collaborate with the Operations team to bring infrastructure security requirements "up" the stack into applications.
- Code the necessary automation to ensure ongoing adherence to security practices/policies.
- Develop or integrate libraries and other building blocks to enable all CloudBees services to operate and handle user data more securely.
- Help raise the profile of security across engineering.
What The Role Requires
- Prior experience (5+ years) working on an Ops focused team, or Dev focused team (or both).
- Prior experience (2+ years) working within Application or Information Security teams.
- 3+ years of recent and non-stop scripting/development experience (e.g. Go, Python, Ruby).
- Strong proficiency using CI/CD tools to create and manage automated pipelines (e.g. Jenkins pipelines)
- Strong understanding of the OWASP Top Ten security risks and how to mitigate them.
- Passion for automating all the things, while keeping security in mind at all times.
- Experience with OWASP SAMM or other maturity model framework.
- Experience with commercial tools for static/dynamic code analysis (e.g. ZAP, Burp).
- The ability to write a solid root-cause-analysis / explanation of a security issue is critical - including how to exploit, likelihoods of exploit, etc.
- Strong familiarity with RESTful API practices.
- Working knowledge and understanding of AWS and/or Google Cloud.
- Familiarity with working on complex applications using modern best practices (e.g. test-driven development, continuous delivery, code reviews, etc.).
- The hacker mentality of doing whatever it takes to figure out and solve a problem.
- Understanding of authentication/authorization frameworks (i.e. OAuth2, SSO)
- Additional nice to have:
- Experience with penetration testing tools.
At CloudBees, we truly believe that the more diverse we are, the better we serve our customers. A global community like Jenkins demands a global focus from CloudBees. Organizations with greater diversity—gender, racial, ethnic, and global—are stronger partners to their customers. Whether by creating more innovative products, or better understanding our worldwide customers, or establishing a stronger cross-section of cultural leadership skills, diversity strengthens all aspects of the CloudBees organization.
In the technology industry, diversity creates a competitive advantage. CloudBees customers demand technologies from us that solve their software development, and therefore their business problems, so that they can better serve their own customers. CloudBees attributes much of its success to its worldwide work force and commitment to global diversity, which opens our proprietary software to innovative ideas from anywhere. Along the way, we have witnessed firsthand how employees, partners, and customers with diverse perspectives and experiences contribute to creative problem solving and better solutions for our customers and their businesses.