Security Software Engineer

Canonical

Security roles might tackle any of the following:

• Define, implement, and document new security features
• Lead security-focused initiatives within a product engineering team
• Analyze, fix, and test vulnerabilities in open source software
• Contribute to Ubuntu and upstream open source projects to benefit the community
• Audit and analyze source code for vulnerabilities
• Integrate new tools into our security infrastructure, pipelines, and processes
• Achieve and retain various security certifications
• Extend and enhance Linux cryptographic components to meet country-specific compliance requirements, such as FIPS and Common Criteria (CC) certifications
• Work with external partners to develop Center for Internet Security (CIS) benchmarks
• Design and develop hardening automation for Ubuntu
• Stay up to date with trends and developments in the security industry
• Develop, test, and maintain new software capabilities
• Provide guidance and support to other engineering teams on security best practices

What we are looking for in you

• An exceptional academic track record from both high school and university
• Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
• A track record of going above and beyond expectations
• Thorough understanding of the common categories of security vulnerabilities and how to fix them
• Knowledge of modern software engineering techniques
• Familiarity with open source development tools and methodologies
• Skill in one or more of C, C++, Python, Go, Rust, Java, Ruby, PHP, or JavaScript/Typescript
• Experience as a security champion
• Experience driving security within a wider SSDLC process
• Professional written and spoken English
• Experience with Linux (Debian or Ubuntu preferred)
• Excellent interpersonal skills, curiosity, flexibility, and accountability
• Passion, thoughtfulness, and self-motivation
• Excellent communication and presentation skills
• Results-oriented, with a personal drive to meet commitments

Optional skills we also value

• Clear and effective communication with both the team and Ubuntu community members
• Experience working with the Linux kernel
• Experience with security certifications and knowledge of FIPS and/or Common Criteria (CC)
• Experience with OVAL (Open Vulnerability Assessment Language)
• Knowledge of cryptographic modules such as OpenSSL and Libgcrypt
• Knowledge of low-level Linux cryptography APIs
• Demonstrated ability to learn quickly
• Performance engineering experience