Associate Security Engineer

ABOUT CLOUDBEES

CloudBees provides the leading software delivery platform for enterprises, enabling them to continuously innovate, compete, and win in a world powered by the digital experience. Designed for the world's largest organizations with the most complex requirements, CloudBees enables software development organizations to deliver scalable, compliant, governed, and secure software from the code a developer writes to the people who use it. The platform connects with other best of breed tools, improves the developer experience, and enables organizations to bring digital innovation to life continuously, adapt quickly, and unlock business outcomes that create market leaders and disruptors.

CloudBees was founded in 2010 and is backed by Goldman Sachs, Morgan Stanley,Bridgepoint Credit, HSBC, Golub Capital, Delta-v Capital, Matrix Partners, and Lightspeed Venture Partners. Visit www.cloudbees.com and follow us on Twitter, LinkedIn, and Facebook.

Why this role

You will join the Jenkins Security team which has the mission to enhance the security of the open source project Jenkins, and the CloudBees product based on it (CloudBees CI).

What You’ll Do

• Dig into the internals of Jenkins and its plugin system from the perspective of web application security.
• Work on the lifecycle of vulnerabilities.
• Improve our security tooling/process/automation.
• Provide security education, increase awareness in the department and in the community.

What The Role Requires

• Bachelor’s or Master’s degree in Computer Science or related field.
• 1-3 years of professional experience in Java web application development (JavaScript is a plus) with Bachelor’s degree  or 0 year with a Master’s degree
• Knowledge & passion for web application security (e.g., OWASP Top 10).
• Hacker mindset.
  • Willingness to learn.
  • Desire to break things for the good.
  • Solving problems.
• Knowledge on using CI/CD tools (Jenkins is a plus).
• Experience in scripting is a plus (Groovy, Shell).
• Familiar with Maven, Git, Docker.

Scam Notice

Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of CloudBees. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Please note that CloudBees will never ask for any personal account information, such as cell phone, credit card details or bank account numbers, during the recruitment process. Additionally, CloudBees will never send you a check for any equipment prior to employment.

All communication from our recruiters and hiring managers will come from official company email addresses (@cloudbees.com) or from Paylocity and will never ask for any payment, fee to be paid or purchases to be made by the job seeker. If you are contacted by anyone claiming to represent CloudBees and you are unsure of their authenticity, please do not provide any personal/financial information and contact us immediately at tahelp@cloudbees.com.

We take these matters very seriously and will work to ensure that any fraudulent activity is reported and dealt with appropriately. If you feel like you have been scammed in the US, please report it to the Federal Trade Commission at: https://reportfraud.ftc.gov/#/.

In Europe, please contact the European Anti-Fraud Office at:  https://anti-fraud.ec.europa.eu/olaf-and-you/report-fraud_en 

Signs of a Recruitment Scam

· Ensure there are no other domains before or after @cloudbees.com.  For example:  “name.dr.cloudbees.com”

· Check any documents for poor spelling and grammar – this is often a sign that fraudsters are at work.

· If they provide a generic email address such as @Yahoo or @Hotmail as a point of contact.

· You are asked for money, an “administration fee”, “security fee” or an “accreditation fee”.

- You are asked for cell phone account information. 

#LI-Remote