Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Lead security initiatives and implement controls for our cloud-native platform.
- Company: Join Cloudsmith, a cutting-edge SaaS company transforming software supply chain security.
- Benefits: Enjoy remote work, competitive pay, health insurance, and a professional development budget.
- Why this job: Make a real impact on software security while working with innovative technologies in a supportive culture.
- Qualifications: 3+ years in security engineering with expertise in application security and secure coding practices.
- Other info: This role is remote-first, based in Ireland or the UK, with opportunities for travel and team collaboration.
The predicted salary is between 48000 - 84000 £ per year.
Security Engineer (AppSec)
TL;DR: We\’re seeking a passionate and technically sophisticated security engineer to lead, architect, and integrate security into every aspect of our platform. You like making things but also breaking things and preventing others from doing the same.
About Cloudsmith
Cloudsmith is transforming how organizations handle software artifacts and secure their supply chains. As a fully managed multi-tenant Software as a Service (SaaS) built on AWS, our mission is to enable organizations to tackle scale and complexity through best-in-class artifact management and to secure software by default. Our vision is to become the software supply chain itself, powering the future of software delivery.
We are the world\’s most potent artifact management platform, built by developers for developers. Our platform supports over 30 formats spanning languages, containers, and operating systems, with enterprise-grade features, including vulnerability and security scanning, world-class policy management and enforcement, and web-scale to handle the Fortune 500. Organizations integrate Cloudsmith as critical infrastructure into their development, deployment, and distribution pipelines, trusting us to protect and accelerate, no matter the scale.
Backed by top-tier investors and on a trajectory toward IPO, we\’re building mission-critical infrastructure that powers software delivery for organizations worldwide. We operate at the cutting edge of cloud-native technology, tackling complex distributed systems challenges that directly impact millions of developers. Now is an exciting time to join us as we revolutionize how organizations deliver and secure software and help write the next chapter of our rocket-ship growth story.
The Role
As a Security Engineer (AppSec) reporting to the Head of Application Security, you\’ll be a key member of our growing security function, focusing on our product and platform security. This role combines hands-on security engineering with technical leadership, requiring someone to implement security controls and guide other engineers in secure development practices. You\’ll be the technical cornerstone of our product security initiatives, working to ensure our platform remains secure by design as we scale.
Key Responsibilities
Technical Security Leadership
- Enhance and expand security controls across our cloud-native infrastructure.
- Lead security architecture reviews and threat modeling sessions.
- Develop, evolve, and implement secure coding standards and practices.
- Extend our security automation tooling and strengthen CI/CD pipeline security.
- Build upon our existing security testing frameworks and procedures.
Application Security Implementation
- Perform security code reviews and penetration testing of our codebases.
- Implement security controls for our distributed systems (AWS-based).
- Design and implement secure container runtime environments.
- Build secure API endpoints and review API security architecture.
- Implement supply chain security controls and verification systems.
Security Engineering & Architecture
- Enhance our security monitoring solutions using DataDog, AWS Security Hub, etc.
- Strengthen our secure deployment pipelines using CircleCI and GitHub Actions.
- Drive implementation of our secure artifact storage and processing systems.
- Design and implement additional customer and environment isolation controls.
- Develop security automation tools and frameworks and apply them.
- Partner with the Head of AppSec + CTO on security architecture decisions.
Security Culture & Education
- Provide security guidance and mentorship to engineering teams.
- Develop and deliver security training materials.
- Create security documentation and guidelines.
- Participate in security incident response.
- Contribute to security policies and standards.
Team Collaboration
- Work closely with the Head of AppSec + CTO to implement security strategies.
- Collaborate with engineering teams to embed security practices.
- Support security audit and compliance initiatives.
- Participate in security incident response as a technical lead (incl. red/blue team).
- Help evaluate and implement new security tools and technologies.
- Automate everything, write code (if you want to!), and make proofs (\’sploits).
Required Experience, Qualities & Skills
Technical Expertise
- 3+ years of security engineering experience or equivalent.
- Deep expertise in application security and secure software development.
- Experience with implementing SAST, DAST, and RASP (Runtime Security).
- Strong programming skills in Python, with familiarity in TypeScript/Node.js or similar.
- Extensive experience with:
- Cloud security (AWS-based, preferably).
- Web application security.
- API security (REST or GraphQL, etc.).
- Infrastructure as Code security.
- CI/CD pipeline security.
- Container security (Docker, OCI).
- Database security.
Security Engineering Skills
- Experience building security tools and automation.
- Strong background in threat modeling and risk assessment.
- Expertise in penetration testing and vulnerability assessment.
- Knowledge of cryptography and secure communication protocols.
- Experience with security monitoring and incident response.
Domain Knowledge
- Understanding of software supply chain security.
- Experience with artifact management systems.
- Knowledge of modern development practices and tools.
- Familiarity with compliance frameworks (ISO 27001, SOC2).
Bonus Points
- Experience with:
- Data enclave implementations.
- Secure runtime environments (Firecracker, gVisor).
- Software Composition Analysis.
- Contributions to open-source security tools.
- Security-focused certifications (OSCP, CSSLP, etc.).
- Experience securing package management systems.
Cultural Values We\’re Looking For
- Technical Mastery: Demonstrate deep security expertise and engineering craftsmanship.
- Security Innovation: Drive automated, cloud-native security solutions to excellence.
- Knowledge Champion: Share security expertise openly and mentor engineering teams.
- Pragmatic Builder: Deliver practical security solutions with customer needs in mind.
- Continuous Growth: Actively expand security knowledge and embrace sustainable practices.
Impact & Opportunity
This role offers the chance to enhance security in a platform already trusted by organizations worldwide for software supply chain security. You\’ll join an ISO 27001-certified organization and work with cutting-edge technologies, implementing security controls that protect critical infrastructure. From startups to Fortune 500 customers, your work will directly impact how organizations secure their software supply chains while helping us maintain our position as the most trusted name in artifact management.
Benefits, Location & Work Environment
Note: You must be based in Ireland or the United Kingdom and have the right to work independently without requiring sponsorship.
Headlines
- A remote-first position based in Ireland or the United Kingdom.
- A competitive compensation package, including equity.
- With comprehensive health, dental, and vision insurance.
- Plus, generous annual leave and flexible working policies to suit your lifestyle.
- Including a professional development budget for conferences and training.
- In a dynamic, innovative, trust-centric, and supportive work environment.
- With the opportunity to shape a fast-growing Series A startup (and beyond).
- Regular (monthly-ish) travel may be required for team meetings.
- Regular (quarterly-ish) travel may also be required for events and customers.
Health and Wellness
Regardless of your location, we deeply care about our staff\’s and their families\’ health and wellness; a sustainable pace is essential. In addition to generous annual leave (PTO), we offer parental leave and health benefits to cover you and your dependents up to 100%. We also offer flexible, family-friendly working policies.
Personal Growth
You will have an enormous opportunity to learn new skills alongside your colleagues, and your continued professional development is essential to us because it\’s important to you. We will support you with budgets for equipment, training, books, conferences, travel, and certifications. The more powerful you become, the better for all of us.
Hybrid / Remote First
Cloudsmith is headquartered in Belfast, Northern Ireland, and we use our H.Q. regularly for activities like team planning, meets and greets, and sometimes other group activities (like games!). We also hold all-hands offsites in Belfast (or otherwise) thrice yearly, with guest speakers and team activities. Most Cloudsmithers work remotely, close and far, so we rely on our online collaboration tools; Slack is how we work.
About Equal Opportunity
Cloudsmith is an equal-opportunity employer proud to nurture a diverse workplace that welcomes applications from individuals of all races, genders, and ethnic groups. We do not discriminate on age, religion, sexual orientation, citizenship status, military service, or health conditions. We will not tolerate discrimination of any kind within our workforce.
The Final Word
We\’re seeking someone with deep technical security expertise and a passion for building secure systems. You\’ll be working at the intersection of cloud infrastructure, artifact management, and supply chain security, helping to develop a platform that organizations trust with their most critical assets. If you\’re excited about security engineering and want to have a lasting impact on the software industry, we want to hear from you.
- Department
- Security
- Role
- Application Security
- Locations
- NI/GB/ROI
- Employment type
- Full-time
Colleagues
About Cloudsmith
Security Engineer (AppSec)
Already working at Cloudsmith?
Let’s recruit together and find your next colleague.
#J-18808-Ljbffr
Security Engineer (AppSec) employer: Cloudsmith
Contact Detail:
Cloudsmith Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Security Engineer (AppSec)
✨Tip Number 1
Familiarise yourself with Cloudsmith's platform and its security features. Understanding their specific security architecture and the technologies they use, such as AWS and CI/CD pipelines, will help you speak confidently about how you can contribute to their security initiatives.
✨Tip Number 2
Engage with the security community by participating in forums or attending relevant conferences. This not only helps you stay updated on the latest trends in application security but also allows you to network with professionals who might have insights into Cloudsmith's hiring process.
✨Tip Number 3
Showcase your hands-on experience with security tools and practices relevant to the role. Be prepared to discuss specific projects where you've implemented security controls or conducted penetration testing, as this will demonstrate your practical skills and fit for the position.
✨Tip Number 4
Prepare to discuss how you would foster a security culture within a team. Cloudsmith values mentorship and collaboration, so think of examples where you've successfully guided others in secure development practices or contributed to security training.
We think you need these skills to ace Security Engineer (AppSec)
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in security engineering, particularly in application security. Emphasise your hands-on experience with secure coding practices, penetration testing, and cloud security, as these are key aspects of the role.
Craft a Compelling Cover Letter: In your cover letter, express your passion for security engineering and how it aligns with Cloudsmith's mission. Mention specific projects or experiences that demonstrate your technical expertise and your ability to implement security controls effectively.
Showcase Relevant Skills: Clearly list your technical skills related to the job description, such as programming in Python, experience with AWS, and knowledge of CI/CD pipeline security. Use bullet points for clarity and ensure they match the requirements outlined by Cloudsmith.
Highlight Continuous Learning: Mention any ongoing education or certifications you are pursuing in the field of security, such as OSCP or CSSLP. This shows your commitment to staying updated with the latest security trends and practices, which is crucial for the role.
How to prepare for a job interview at Cloudsmith
✨Showcase Your Technical Expertise
Be prepared to discuss your experience in application security and secure software development. Highlight specific projects where you've implemented security controls or conducted penetration testing, as this will demonstrate your hands-on skills and technical knowledge.
✨Understand Cloudsmith's Mission
Familiarise yourself with Cloudsmith's vision and how they handle software artifacts and supply chain security. Being able to articulate how your skills align with their mission will show your genuine interest in the role and the company.
✨Prepare for Scenario-Based Questions
Expect questions that assess your problem-solving abilities in real-world scenarios. Think about past experiences where you had to enhance security measures or respond to security incidents, and be ready to explain your thought process and actions taken.
✨Demonstrate a Culture Fit
Cloudsmith values continuous growth and collaboration. Be ready to discuss how you mentor others, share knowledge, and contribute to a positive team culture. This will help convey that you're not just a technical fit but also a cultural one.
