Direct message the job poster from nineDots.io

This job is with the software supply chain company - securing and powering how software gets delivered everywhere.

What you\'ll do:

• Embed security across the platform, from source to prod.
• Architect security controls across distributed, cloud-native systems.
• Lead threat modeling and security reviews (and get people to enjoy them)
• Pen-test services and infra (ethically, please).
• Extend security automation and monitoring with tools like CircleCI, GitHub Actions, DataDog, AWS Security Hub, etc.
• Harden everything from container runtimes to APIs to artifact pipelines.
• Write secure code, review other people\’s code, and help everyone level up their secure coding game.
• Build tools, automate boring stuff, and occasionally drop a ‘sploity’ proof of concept for fun.

You need:

• A background in software development. At your core, you\’re a software engineer. Python for sure and a bit of TypeScript never hurt anyone.
• Deep application security knowledge
• Hands-on experience with SAST, DAST, RASP, and securing cloud (preferably AWS).
• Strong grasp of container security, API security, IaC, and CI/CD.
• You\’ve done pen testing, threat modeling, and maybe even built some of your own security tools.
• Big bonus if you\’ve secured artifact systems or supply chains before.
• Bigger bonus if you\’ve worked with Firecracker, gVisor, or fancy things like SCA and data enclaves.
• You believe security should enable, not block, engineering.
• You\’re a diplomat - you gotta work with engineering to secure the SDLC, not spook them.

How to apply - If interested, get in touch on rose@ninedots.io

Location - This job is remote on the Island of Ireland or in the UK. You need to be physically located here - you cannot work remotely from another country.

Eligibility - Work permit sponsorship is not available.