At a Glance
- Tasks: Join an engineering tribe to enhance security in software development and design.
- Company: Cloudsmith, a leading SaaS platform for modern software supply chains.
- Benefits: Competitive salary, flexible work options, and opportunities for professional growth.
- Other info: Dynamic team environment with a commitment to innovation and security excellence.
- Why this job: Make a real impact on software security while collaborating with talented engineers.
- Qualifications: Strong background in software engineering with a focus on security practices.
The predicted salary is between 70000 - 90000 € per year.
We’re looking for a deeply technical Application Security Engineer to embed inside engineering and help secure Cloudsmith 2.0, the operating system for the modern software supply chain. The ideal person is a software engineer at heart who chose to specialize in security. You should be comfortable moving between code, architecture, and security design.
About Cloudsmith: Cloudsmith is building the operating system for the modern software supply chain. We run a global, fully managed, multi-tenant SaaS platform that helps organizations, from startups to the Fortune 500, secure, govern, and distribute software artifacts at scale. Worldwide, our customers use Cloudsmith as a critical infrastructure control plane for CI/CD, developer workflows, security controls, compliance, and software distribution, supporting 30+ formats and ecosystems across languages, containers, and operating systems. We recently raised our Series C to accelerate Cloudsmith 2.0: deeper artifact intelligence, stronger policy and provenance, faster package-aware delivery, and infrastructure built for engineering teams, as well as the modern AI-driven software factory. By developers, for developers: we care about craft, architecture, and enterprise scale.
The Role: As a Senior Application Security Engineer, you’ll report to the Head of Security and embed directly into one of our engineering tribes. You’ll work alongside Engineering Managers, Product Managers, Principal Engineers, and product engineers as part of the tribe’s day-to-day rhythm. Your job is to advocate for security from within the core engineering function, not from the sidelines. That means joining design discussions early, reviewing code and architecture, identifying risks early, and helping the tribe land secure, pragmatic fixes. We are building a model where security engineers are part-IC, part-security specialist. You should be able to contribute directly, but your greater leverage lies in raising the security judgment of the engineers around you, so good security becomes part of how we work.
Key Responsibilities:
- Embed inside an engineering tribe and participate in planning, design review, code review, incident learning, and delivery conversations.
- Collaborate across security, platform, and engineering guilds so security work routes to the right team, at the right time, with the right priority.
- Threat-model product and platform changes across APIs, workers, data stores, queues, object storage, CDNs, identity, policy, and tenant boundaries.
- Review production code and architecture for authentication, authorization, data access, secrets handling, artifact integrity, signing, auditability, and abuse cases.
- Build and improve security tooling, paved roads, checks, libraries, and automation that make securing Cloudsmith easier for engineers.
- Tune and operate security controls across SAST, DAST, SCA, secrets scanning, container scanning, IaC scanning, dependency analysis, and runtime signals.
- Investigate, triage, and remediate vulnerabilities identified through internal testing, third-party testing, responsible disclosure, customer reports, and security tooling.
- Support security incidents, red/blue exercises, detection work, and post-incident actions, improvements, and other investigatory/preventative follow-ups.
- Support technical control work for SOC 2, ISO 27001, EU CRA, and related frameworks, working with GRC where security engineering input is needed.
- Raise the tribe's security capability by helping engineers understand risks, threat-model their own work, and recognize what good secure design looks like.
Senior Application Security Engineer in Belfast employer: Cloudsmith Ltd
Cloudsmith is an exceptional employer that fosters a collaborative and innovative work culture, where security engineers are integral to the engineering process. With a focus on employee growth, Cloudsmith offers opportunities to engage in meaningful projects that shape the future of software supply chains while working alongside talented professionals in a supportive environment. Located in a dynamic tech hub, employees benefit from a vibrant community and access to cutting-edge resources, making it an ideal place for those passionate about security and software development.
StudySmarter Expert Advice🤫
We think this is how you could land Senior Application Security Engineer in Belfast
✨Tip Number 1
Network like a pro! Get involved in tech meetups, webinars, and online forums related to application security. The more people you know in the industry, the better your chances of landing that dream job.
✨Tip Number 2
Show off your skills! Create a portfolio showcasing your projects, especially those that highlight your security expertise. This is your chance to demonstrate how you can embed security into engineering processes.
✨Tip Number 3
Don’t just apply; engage! When you find a role that excites you, reach out to current employees on LinkedIn. Ask them about their experiences at Cloudsmith and express your enthusiasm for the position.
✨Tip Number 4
Keep learning! Stay updated with the latest trends in application security and cloud technologies. This not only boosts your knowledge but also shows potential employers that you're committed to your craft.
Some tips for your application 🫡
Show Your Passion for Security: When writing your application, let us see your enthusiasm for security! Share your journey from software engineering to specialising in security. We want to know what drives you and how you can contribute to making Cloudsmith 2.0 secure.
Tailor Your Application: Make sure to customise your application to highlight relevant experience that aligns with our job description. Mention specific projects where you've embedded security into the development process, as this is key for us at Cloudsmith.
Be Clear and Concise: Keep your application straightforward and to the point. Use clear language to describe your skills and experiences, especially those related to code review, threat modelling, and security tooling. We appreciate clarity!
Apply Through Our Website: Don’t forget to apply through our website! It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it shows you’re keen on joining our team at Cloudsmith!
How to prepare for a job interview at Cloudsmith Ltd
✨Know Your Stuff
Make sure you brush up on your technical skills, especially around application security. Be ready to discuss your experience with code reviews, threat modelling, and security tooling. The more you can demonstrate your expertise, the better!
✨Understand the Company Culture
Cloudsmith values collaboration and embedding security within engineering teams. Familiarise yourself with their approach to security and how it integrates into their development process. Show that you can advocate for security while working closely with engineers.
✨Prepare for Scenario Questions
Expect to be asked about real-world scenarios where you had to identify and mitigate security risks. Think of specific examples from your past experiences where you successfully navigated challenges in application security.
✨Ask Insightful Questions
Prepare thoughtful questions that show your interest in Cloudsmith's mission and the role. Inquire about their current security challenges or how they envision the future of application security within their engineering tribes. This shows you're engaged and forward-thinking.