Senior Software Supply Chain Security Engineer

Citi

Location:
United Kingdom, London

Contract Type:
Not provided

Salary:

Not provided

Job Description:

The role involves hands-on technical work to secure the software supply chain, ensuring the security and reliability of software products. The engineer will work closely with development teams and AWS engineering teams, advocating modern software development practices and integrating security best practices.

Job Responsibility:

  • Design and develop solutions to secure the software supply chain
  • Design AWS/cloud-centric solutions
  • Advocate modern software development practices
  • Integrate security best practices into workflows
  • Stay updated on supply chain security trends

Requirements:

  • Senior software engineer
  • Strong knowledge of AWS, Kubernetes (EKS and OpenShift), Terraform, Helm, and ideally GCP
  • Familiar with DevSecOps disciplines
  • Understanding of CI/CD using modern tools such as TeamCity, Jenkins, Tekton, Spinnaker
  • Experience with scalable systems and new technologies

Nice to have:

  • Empathy with development teams' challenges
  • Passion for engineering excellence
  • Inclusivity and collaboration skills
What we offer:
  • Ongoing learning and professional development
  • Inclusive and flexible work culture

Additional Information:

Job Posted:
March 21, 2025

Employment Type:
Fulltime
Work Type:
Hybrid work

Similar Jobs for Senior Software Supply Chain Security Engineer

Senior Security Engineer

PagerDuty is seeking a Senior Security Engineer to join our diverse, customer-fo...
Location:
Canada, Toronto
Salary:
137000.00 - 207000.00 CAD / Year
PagerDuty
Expiration Date:
Until further notice
Requirements:
  • Proficiency with Application & Product Security typically associated with 4 - 5 years of experience in a Security Engineering role working with a cloud-native, microservices environment, preferably AWS
  • Familiarity with cloud-native product technologies including: Vulnerability detection via multiple approaches including SAST, DAST, SCA, and runtime (e.g., Qualys/Nessus, Wiz, Snyk, GHAS, Semgrep, etc.)
  • CI/CD technologies and integrations (e.g., CircleCI, Buildkite, Helm, Terraform, Chef)
  • Product security event logging standards and analysis tools (e.g., SIEM such as: SumoLogic, LogRhythm, or Splunk, etc.)
  • Security Incident Response & Risk Management processes and tools
  • Proficiency in at least one programming language and framework (e.g. Python, Bash, Phoenix/Elixir, Java, Ruby on Rails), typically associated with 3 - 4 years of experience with the language/framework
  • Have exceptional written, oral communication, and interpersonal skills
  • Organizational skills with the ability to successfully manage multiple priorities and deadlines
Job Responsibility:
  • Embrace the role of hands-on technical lead in defining product security standards and guiding platform protections
  • Establish criteria and conduct comprehensive security reviews throughout all stages of product development to identify and address security risks
  • Perform regular threat assessments, coordinate with third-party testers for penetration testing, and conduct internal penetration testing to identify and mitigate security risks
  • Mentor and guide team members to ensure product and business objectives are prioritized in project implementations, fostering a strong documentation culture with project charters and design documents
  • Work with loosely defined requirements where you exercise your analytical skills to clarify questions, share your approach, and collaborate with the team to design and implement effective security frameworks. Maintain a strong appetite for challenging problems with a high degree of ownership
  • Participate in the team’s On-Call rotation, triaging and addressing security issues as they arise, and implement measures to prevent future occurrences
  • Enable service team security implementations by developing security-as-code constructs, including infrastructure-as-code (IaC) modules, libraries and frontend components, while creating and maintaining developer-focused documentation to promote easy adoption
  • Establish and uphold baseline standards and hardened configurations for platform components
  • Continuously enhance security frameworks by focusing on product security standards and software supply chain protections, tailored for application security in cloud-native, microservices environments
What we offer:
  • Competitive salary
  • Comprehensive benefits package from day one
  • Flexible work arrangements
  • Company equity
  • ESPP (Employee Stock Purchase Program)
  • Retirement or pension plan
  • Generous paid vacation time
  • Paid holidays and sick leave
  • Dutonian Wellness Days & HibernationDuty - companywide paid days off in addition to PTO
  • Paid parental leave: 22 weeks for pregnant parent, 12 weeks for non-pregnant parent (some countries have longer leave standards and we comply with local laws)
Employment Type:
Fulltime

Senior Security Researcher

Endor Labs is building the Application Security platform for the software develo...
Location:
United States
Salary:
Not provided
Endor Labs
Expiration Date:
Until further notice
Requirements:
  • 5+ years of experience in security research, vulnerability discovery, and offensive security
  • deep expertise in reverse engineering, exploit development, and software vulnerability analysis
  • strong understanding of software supply chain security, including package management systems, CI/CD pipelines, and dependency analysis
  • experience discovering and responsibly disclosing zero-day vulnerabilities
  • proven track record of publishing high-quality research or presenting at top security conferences (e.g., Black Hat, DEF CON, RSAC, BSides)
  • proficiency in programming languages such as Python, Rust, or Go
  • strong analytical skills and the ability to conduct complex security research autonomously
  • excellent communication skills, both written and verbal, to convey technical concepts to diverse audiences.
Job Responsibility:
  • Conduct offensive security research on software supply chain threats, identifying and analyzing zero-day vulnerabilities
  • develop and refine exploit techniques to understand modern attack vectors targeting software supply chain through malicious code, 3rd party libraries, and CI/CD systems
  • work closely with Product Management to translate research findings into innovative security capabilities within Endor Labs' products
  • publish research findings through technical blogs, white papers, and industry-leading security conferences
  • collaborate with security engineers and developers to prototype and implement detection and mitigation strategies for emerging threats
  • contribute to the security community by developing open-source tools, methodologies, or frameworks that enhance software supply chain security
  • stay ahead of the latest threats, attacker methodologies, and evolving security trends to continuously refine our research efforts.
What we offer:
  • Work with a world-class team dedicated to pushing the boundaries of security research
  • directly influence the security of modern software supply chains
  • a culture that values innovation, collaboration, and continuous learning
  • competitive compensation, flexible work environment, and a generous benefits package
  • opportunity to present groundbreaking research and contribute to the global security community.
Employment Type:
Fulltime

Senior Application Security Engineer

This role involves embedding security into software delivery pipelines, designin...
Location:
India, Bangalore
Salary:
Not provided
Hewlett Packard Enterprise
Expiration Date:
Until further notice
Requirements:
  • 5–8+ years of experience in Application Security, Product Security, or Secure Software Development
  • hands-on experience securing software delivery pipelines (CI/CD) and source code repositories (GitHub, GitLab, Jenkins)
  • knowledge of supply chain security frameworks and controls (e.g., SLSA, NIST SSDF)
  • familiarity with secrets management, artifact signing (Sigstore, Cosign), and build integrity practices
  • hands-on experience with WAF tuning, API security controls, and vulnerability remediation
  • proficiency with one or more programming languages (Python, Java, Go, JavaScript/Node.js)
  • experience with SAST, DAST, SCA, and container image scanning tools
  • cloud security experience with AWS, Azure, or GCP
  • deep understanding of OWASP Top 10 (Web + API), CWE, and secure coding practices
Job Responsibility:
  • secure SDLC & DevSecOps integration
  • design and implement security controls for build and release pipelines (GitHub Actions, Jenkins, GitLab, Azure DevOps)
  • ensure code integrity via signing, artifact scanning, and build provenance
  • automate SAST, DAST, SCA, and container image scanning as part of the software delivery pipeline
  • identify and remediate misconfigurations in pipeline environments and access control
  • design, implement, and monitor WAF rules and API protections
  • perform API risk assessments
  • champion secure design patterns
  • conduct secure code reviews and support automation of testing pipelines
  • triage, prioritize, and track security issues identified in code, pipelines, and deployed environments
What we offer:
  • comprehensive suite of benefits that supports physical, financial and emotional wellbeing
  • programs catered to helping you reach career goals
  • inclusive work environment
Employment Type:
Fulltime

Senior Solution Engineer

JFrog is expanding in APAC, and we are looking for a strong Senior Solution Engi...
Location:
Singapore
Salary:
Not provided
JFrog
Expiration Date:
Until further notice
Requirements:
  • Experience in pre-sales, solutions engineering, DevOps consulting, or platform engineering
  • Hands-on knowledge of Docker, Kubernetes, Git, Jenkins/GitHub/GitLab, cloud-native architectures
  • Strong communication and customer-facing skills
  • Based in Singapore and open to travel across SEA and Korea
Job Responsibility:
  • Lead technical discovery, demos, and POCs for customers in SEA + Korea
  • Architect CI/CD, DevSecOps, and software supply chain solutions using the JFrog Platform
  • Work closely with sales, product, R&D, and channel partners
  • Represent JFrog at regional events, workshops, and customer sessions
  • Support enterprise adoption of Artifactory, Xray, Curation, Advanced Security, AI Catalog, Runtime, and more

Principal Security Engineer

We’re building a world-class global Security team as part of our Trust Program. ...
Location:
India, Hyderabad
Salary:
Not provided
Highspot
Expiration Date:
Until further notice
Requirements:
  • 10+ years of robust, progressive experience in security engineering, application security, DevSecOps, incident detection and response, or closely related fields
  • Advanced proficiency in at least one programming language (Python, Ruby, Go, Rust, JavaScript), with deep experience conducting detailed code reviews and security assessments across multiple languages
  • Hands-on experience with deploying, operating, and interpreting results from security tools such as static analyzers, web vulnerability scanners, supply chain analysis scanners, and host-based intrusion detection systems
  • Demonstrated experience mentoring, coaching and guiding junior and mid-level security engineers, contributing to a strong team culture, and supporting peer development as a senior individual contributor
  • Demonstrated proactive approach, strong continuous learning orientation, and curiosity about emerging threats, security trends, and innovative technologies
  • Extensive expertise securing cloud-native environments (AWS, Azure, GCP, containers, microservices), with in-depth knowledge of modern cloud security risks and defenses
  • Demonstrated ability to embrace being wrong, practice humility, continuously learn from experiences, and actively seek insights through thoughtful questioning and collaboration
Job Responsibility:
  • Lead comprehensive application security assessments, advanced threat modeling sessions, and secure code reviews across critical product features, internal tooling, endpoints, and third-party integrations
  • Collaborate strategically with product engineering to establish and enhance secure-by-default and privacy-by-design practices within the software development lifecycle (SDLC)
  • Lead and otherwise participate in incident detection, investigation, triage, containment, and root cause analysis for high impact security incidents, providing mentorship and guidance to junior engineers as required
  • Drive the development and continuous improvement of sophisticated detection rules, response automation, and optimized alert management across cloud environments, corporate infrastructure, and SaaS platforms
  • Lead and participate in complex vulnerability remediation processes, and effectively respond to security issues discovered by both internal teams and external sources
  • Document technical findings and strategic decisions in a clear and accessible manner, and procedural enhancements
  • significantly contribute to comprehensive security playbooks and knowledge repositories
  • Manage and oversee asksecurity@ request handling, and actively participate in sprint-based security activities, balancing strategic and tactical execution
  • Actively participate in the security on-call rotation, or provide senior-level guidance as required during an event and aid in rapid response capabilities to protect our 24x7 platform and global workforce
Employment Type:
Fulltime

Sr Software Engineer, Workday

The Senior Software Development Engineer specializing in ERP preferably in Workd...
Location:
United States, Englewood
Salary:
49.78 - 74.05 USD / Hour
American Nursing Care
Expiration Date:
Until further notice
Requirements:
  • Bachelor of Science in Computer Science or equivalent knowledge and skills obtained through a combination of education, training, and experience in a senior-level Healthcare environment
  • 5+ years of experience working in IT as an ERP Software Engineer or equivalent software development role
  • 5+ years of Workday integration development (Studio, EIB, RaaS, APIs, Workday Extend)
  • 1-3 years - Strong understanding of HCM, Payroll, Finance, and Supply Chain modules and related data models
Job Responsibility:
  • Business Process Analysis & Optimization: Analyze existing business processes and workflows to identify opportunities for improvement and automation
  • Agile Development & Collaboration: Lead and actively participate in agile ceremonies
  • Collaborate effectively with business analysts, scrum masters, QA analysts, product owners, and other cross-functional teams
  • Software Development & Deployment: Lead development of ERP - Workday integrations using Workday Studio, EIB, Cloud Connectors (PECI, etc.,), RaaS, APIs including WQL, and Workday Extend
  • Build and maintain secure, scalable integrations with downstream and upstream systems
  • Develop calculated fields, condition rules, business processes, and custom reports
  • Data Conversion & Migration: Collaborate with the Data Conversion team leveraging GCP BigQuery for centralized transformation of HR, Payroll, Finance, and Supply Chain data
  • Build automated scripts and validation tools
  • Partner with SMEs to reconcile data from multiple source ERPs
  • Technical Leadership & Governance: Document and demonstrate solutions through clear and concise documentation
What we offer:
  • medical
  • prescription drug
  • dental
  • vision plans
  • life insurance
  • paid time off (full-time benefit eligible team members may receive a minimum of 14 paid time off days, including holidays annually)
  • tuition reimbursement
  • retirement plan benefit(s) including, but not limited to, 401(k), 403(b), and other defined benefits offerings
Employment Type:
Fulltime

Go/Java Senior Software Engineer

Working at Citi is far more than just a job. A career with us means joining a te...
Location:
Poland, Warsaw
Salary:
Not provided
Citi
Expiration Date:
Until further notice
Requirements:
  • Passionate software engineer with a good grasp of how to build reliable code
  • Familiar with or eager to learn about cloud-native apps and modern CI/CD tools
  • Some experience in an agile team using modern programming languages
  • Familiar with or keen to learn about implementing cloud/containerized applications using tools like Docker, Kubernetes, RedHat OpenShift, or big cloud providers like AWS, Azure, or GCP
  • Basic understanding of how microservices work, REST APIs, and message systems like Kafka or keen to learn more
  • Love working with others on scalable systems, are open to new technologies, and enjoy pushing the limits
Job Responsibility:
  • Diving into the code, helping to build and improve tools that keep our software supply chain super secure
  • Learn and apply modern software development ideas, focusing on how to build things securely right from the start
  • Work closely with other development teams, helping them bake security into everything they do
  • Explore the latest trends and technologies in keeping software supply chains safe
What we offer:
  • Private Medical Care Program
  • Life Insurance Program
  • Pension Plan contribution (PPE Program)
  • Employee Assistance Program
  • Paid Parental Leave Program (maternity and paternity leave)
  • Sport Card
  • Holidays Allowance
  • Sport and team recreation activities
  • Special offers and discounts for employees
  • Access to an array of learning and development resources
Employment Type:
Fulltime

Senior Product Manager - CoreAI

Microsoft’s mission is to empower every person and every organization on the pla...
Location:
United States, Redmond
Salary:
119800.00 - 234700.00 USD / Year
Microsoft Corporation
Expiration Date:
Until further notice
Requirements:
  • Bachelor's Degree AND 5+ years experience in product/service/program management or software development OR equivalent experience
  • Ability to meet Microsoft, customer and/or government security screening requirements is required for this role
  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter
  • 4+ years of product management experience in security, compliance, or developer tooling domains
  • Domain knowledge of software supply chain security, including risks associated with open source package consumption
  • Hands‑on experience with AI models applied to security risk detection and remediation
  • Understanding of DevOps lifecycle and modern engineering practices
  • Track record of delivering complex, cross‑company initiatives with measurable impact
  • Communication and collaboration skills, with the ability to influence senior stakeholders across engineering and compliance
  • Experience of using and managing security aspects of MCP servers
Job Responsibility:
  • Drive product vision and strategy for software supply chain security within 1ES, specifically for securing AI agents, MCP servers, and ensuring alignment with Microsoft’s compliance and security goals
  • Lead AI‑assisted risk remediation across Microsoft repositories, defining requirements and guiding engineering execution
  • Develop deep insights into open source consumption patterns, specifically across NuGet, NPM, PyPI, Maven, Cargo, and Go ecosystems, to inform risk mitigation strategies
  • Collaborate across engineering, security, compliance, and legal teams to ensure solutions meet both technical and regulatory requirements
  • Define success metrics and outcomes, track progress, and iterate based on data‑driven insights
  • Champion secure DevOps practices, integrating supply chain security into the full lifecycle of software development
Employment Type:
Fulltime