Staff Software Engineer – Vulnerability Management

October 15

Apply Now

Receive Emails with Similar Jobs

Cloudera

WebsiteLinkedInAll Job Openings

Enterprise • SaaS • Artificial Intelligence

Cloudera is a leading enterprise data cloud company that empowers businesses to manage and analyze data across any environment. Offering a hybrid data platform, Cloudera facilitates modern data architectures with solutions like open data lakehouse, scalable data mesh, and unified data fabric, designed for artificial intelligence, data engineering, and machine learning. Key industries served include financial services, telecommunications, healthcare, and more, where Cloudera's platform enables secure, scalable, and effective data management. By leveraging AI and advanced analytics at scale, Cloudera helps organizations transform their data into actionable insights.

1001 - 5000 employees

Founded 2008

🏢 Enterprise

☁️ SaaS

🤖 Artificial Intelligence

💰 $4.1M Venture Round on 2013-01

📋 Description

• Learn and Adapt • Get familiarized with Cloudera’s products and services end-to-end and gain a full appreciation for the product and development lifecycle • Understand our open source and proprietary ecosystem, and identify areas for improvement in terms of current CVE remediation efforts • Design and Development: Identify tooling and frameworks for improving developer productivity - AI/ML Tools that can expedite in remediating CVE fixes • Design and develop POCs to enterprise-class solutions to enable the delivery of high-quality remediation across the entire customer-facing Cloudera stack • Process: Work alongside the product security team to evaluate and enhance existing security tools (SCA, SAST, DAST, etc.) and explore new technologies to improve vulnerability detection and remediation speed/accuracy • Integrate enhanced security scanning into CI/CD pipelines • Contribute to the development of a proactive dependency management strategy • Collaborate with the Release Engineering team to manage branches and ensure smooth merges and stable mainline builds • Participate in defining and enforcing clear CVE SLAs and accountability • Collaboration & Communication: Work closely with cross-functional teams including Product Security, Engineering Component Teams, QE, Release Engineering, and Customer Support • Contribute to regular reporting on CVE debt reduction, SLA adherence, and other key metrics • Actively participate in daily stand-ups and other team meetings

🎯 Requirements

• Bachelor's or Master's degree in Computer Science, Software Engineering, or a related field • 5-7 years of experience as a Software Engineer, with a strong focus on security and vulnerability remediation as a big plus • Strong proficiency in at least two of the following programming languages: Java, Scala, Python, DJango, Go, C++, TypeScript, JavaScript, Node JS, React JS • Deep understanding of the need for library upgrades and CVE vulnerability analysis and fixing • Proficiency with vulnerability management CVE tooling such as Aquasec, Triaging, and JIRA ticketing • Knowledge of open-source patch management, including upstream and downstream code lines, fixing, merging, and checking into Git • Hands-on experience with tools like Docker, Maven, SonarQube, Harness, Jenkins, and GitHub Actions • Experience with relational databases (e.g., Postgres/RDS) • Familiarity with cloud essentials, particularly Kubernetes and AWS • Understanding of automation stacks, including test frameworks like Quantum, and the ability to validate fixes with self-serve test/fix • Experience contributing to open-source projects is a plus • Excellent problem-solving skills, with the ability to diagnose and resolve complex security issues in large-scale software systems • Strong communication and collaboration skills, with the ability to work effectively in a cross-functional team environment • Experience with large-scale software development and testing.

🏖️ Benefits

• Generous PTO Policy • Support work life balance with Unplugged Days • Flexible WFH Policy • Mental & Physical Wellness programs • Phone and Internet Reimbursement program • Access to Continued Career Development • Comprehensive Benefits and Competitive Packages • Paid Volunteer Time • Employee Resource Groups