Senior Security Software Engineer

About Gradle

Gradle is the build tool of choice for millions of developers around the globe and is the official build tool for Android applications. Developing Gradle is a dynamic and demanding engineering challenge, with the reward of significant industry impact and collaboration with some of the world's best software teams.

Our software is used by some of the world's leading software organizations, such as Netflix, Airbnb, Spotify, and Twitter. We regularly collaborate with these and other users to make our products continuously better.

Gradle Build Tool is an important component in the overall supply chain security of software. We work with major software vendors and industry-wide initiatives to make the software ecosystem more secure.

We are a diverse and inclusive workplace with a global multicultural team that learns from and respects each other. We are committed to advancing diversity and inclusion forward by investing resources in company-wide inclusion trainings, improving recruitment processes and contributing to groups that are committed to advancing racial/social justice and equality.

Gradle is an equal opportunity employer. We welcome people of different backgrounds, experiences, abilities, and perspectives and consider all qualified applicants without regard to race, color, national origin, citizenship status, gender, gender identity or expression, sexual orientation, religion, disability, age or any other applicable characteristics protected by law.

Location

Anywhere in the world with working conditions that allow for seamless collaboration with your colleagues through email, chat, and video streaming.

While our team works remotely and is spread across the globe, we deeply value daily interactions and collaboration. We require working hours to overlap with team member timezones (EMEA or US East).

The Position

We are looking for a Senior or Principal Security Software Engineer for Gradle Build Tool to help us create and deliver safe and secure software to our users, as part of a collaborative team.

Our ideal candidates have deep expertise in and are passionate about secure software development and DevSecOps principles. They are able to use technical expertise to help create secure software, and interpersonal skills to proactively develop and improve security related aspects of the software delivery process. They need to be able to collaborate with industry experts on broader security-related initiatives.

Responsibilities

• Protecting Gradle Build Tool and its ecosystem including the Plugin Portal against supply chain attacks
• Representing Gradle in industry-wide security-related initiatives
• Collaborating with feature teams during design and development to deliver secure implementations
• Managing discovered and reported application vulnerabilities, from analysis through to disclosure
• Fixing some of the detected security vulnerabilities and doing code reviews for others
• Proactively increasing knowledge of secure coding practices amongst the wider development team and organization

Requirements

Minimum qualifications

• Extensive knowledge of software vulnerabilities and their remedies
• Experience programming in Java
• Experience developing and executing an application security program
• Ability to develop, maintain and operate software security tooling and automation
• Working proficiency and communication skills in written and verbal English

Preferred qualifications

• Experience with using build systems
• Interest in developer tooling
• Experience contributing to open-source projects

Our Hiring Process

1. Introductory meetings with the Talent Team

2. Technical evaluation

• Take home assignment
• Technical interview I (1 hour)
• Technical interview II (1 hour)

3. Leadership meetings

4. Meeting with VP, Engineering (30 mins)

5. Meeting with our CEO (30 mins)

Benefits

What We Offer

• Work on a widely used product with a clear vision for the future
• Close collaboration with experienced and dedicated peer engineers and the opportunity to learn from them regardless of your experience level
• Opportunities for growth in technical and leadership responsibilities
• In-person meetings, such as our annual company offsite, team meetings, and onboardings
• Work from home in a remote-first environment
• Competitive salaries and equity grants

Other Benefits

• A focus on learning and development – Gradle offers an annual learning and development stipend and a monthly company-wide Learning Day, where we encourage all team members to focus on their professional development for the day
• A hardware package that includes a laptop, monitor, other peripheral hardware, and a home office stipend to make sure you are fully set up to work remotely
• Generous paid time off
• Paid public holidays
• Volunteer Day – We offer up to 8 hours of paid work time each year for team members to give back to their local communities