Senior Application Security Engineer (United Kingdom)

Some people like building things. Others like breaking them. You? You love both and more importantly, you love stopping bad actors from breaking the things you helped build. If that sounds like your vibe, we’ve got a job you’ll want to see.

This job is with the software supply chain company - securing and powering how software gets delivered everywhere.

What you'll do:

• Embed security across the platform, from source to prod.
• Architect security controls across distributed, cloud-native systems.
• Lead threat modeling and security reviews (and get people to enjoy them)
• Pen-test services and infra (ethically, please).
• Extend security automation and monitoring with tools like CircleCI, GitHub Actions, DataDog, AWS Security Hub, etc.
• Harden everything from container runtimes to APIs to artifact pipelines.
• Write secure code, review other people’s code, and help everyone level up their secure coding game.
• Build tools, automate boring stuff, and occasionally drop a ‘sploity’ proof of concept for fun.

You need:

• A background in software development. At your core, you’re a software engineer. Python for sure and a bit of TypeScript never hurt anyone.
• Deep application security knowledge
• Hands-on experience with SAST, DAST, RASP, and securing cloud (preferably AWS).
• Strong grasp of container security, API security, IaC, and CI/CD.
• You’ve done pen testing, threat modeling, and maybe even built some of your own security tools.
• Big bonus if you’ve secured artifact systems or supply chains before.
• Bigger bonus if you’ve worked with Firecracker, gVisor, or fancy things like SCA and data enclaves.
• You believe security should enable, not block, engineering.
• You’re a diplomat - you gotta work with engineering to secure the SDLC, not spook them.

If interested, get in touch on rose@ninedots.io

This job is remote on the Island of Ireland or in the UK. You need to be physically located here - you cannot work remotely from another country.

Work permit sponsorship is not available.