Lead and develop a team of engineers, ranging from graduate to senior
Provide technical guidance on vulnerability remediation
Drive the development of new security engineering projects
Work with upstream open source projects on vulnerability lifecycle handling
Coach, mentor, and offer career development feedback
Identify and measure team health indicators
Implement disciplined engineering processes
Represent your team and product to stakeholders, partners, and customers
Develop and evangelise great engineering and organisational practices
Plan and manage progress on agreed goals and projects
Be an active part of the security engineering leadership team, collaborating with other leaders
What we are looking for in you
An exceptional academic track record from both high school and university
Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
Drive, and a track record of going above and beyond expectations
Excellent verbal and written communication skills in English
A love of developing and growing people and a track record of it
Organised and able to ensure your team delivers timely, high-quality results
Professional manner interacting with colleagues, partners, and community
Solid background in software development, including expertise in support and maintenance
Mastery in any programming language (Go, Java, C, Python, ...)
Knowledgeable and passionate about software and application security
Solid experience working in an agile development environment
A demonstrated drive for continual learning
Builds trust, relationships and confidence
Result-oriented, with a personal drive to meet commitments
Ability to travel twice a year, for company events up to two weeks each
Optional things we value
Strong technical understanding of the inner workings of Linux distributions (ideally Ubuntu or Debian)
Desired candidate profile
1. Security Strategy and Planning
Develop and Execute Security Strategies: Lead the development of security strategies for Ubuntu, defining both short-term and long-term goals for securing the operating system and related services.
Security Roadmap: Develop and maintain a security roadmap, ensuring that Ubuntu security features and patches are aligned with the company's goals and meet customer needs.
Risk Management: Continuously assess and manage risks related to Ubuntu’s security posture, ensuring that security best practices are followed.
2. Team Leadership and Management
Lead Security Engineering Teams: Manage and mentor a team of security engineers, providing technical leadership, career development, and regular performance reviews.
Collaboration with Cross-Functional Teams: Work closely with other teams, including software development, quality assurance, and DevOps, to ensure that security is integrated into all stages of the software lifecycle.
Recruitment and Hiring: Lead efforts to recruit, interview, and hire top security talent to strengthen the security engineering team.
3. Security Vulnerability Management
Vulnerability Assessment: Oversee the identification, assessment, and remediation of vulnerabilities within the Ubuntu OS and related packages. Ensure that vulnerabilities are handled according to priority.
Patch Management: Ensure timely delivery of security patches and updates to users through Ubuntu's regular update mechanisms.
Incident Response: Develop and oversee incident response protocols for security breaches or vulnerabilities, including root cause analysis and mitigation strategies.
4. Security Tools and Automation
Security Tools Development: Lead the design and implementation of security tools and automated systems that help secure the Ubuntu environment, such as patch management systems, security scanning tools, and monitoring solutions.
Automation: Integrate security best practices into CI/CD pipelines and automation frameworks to ensure secure software development and deployment processes.
Penetration Testing: Oversee regular penetration testing and other security assessments to identify vulnerabilities proactively and ensure Ubuntu's security posture is robust.
5. Compliance and Standards
Regulatory Compliance: Ensure that Ubuntu meets industry security compliance standards, such as GDPR, HIPAA, PCI DSS, and other relevant regulations.
Security Audits: Lead internal and external security audits, ensuring that Ubuntu’s security practices are up to date and meet compliance requirements.
Security Documentation: Maintain clear and detailed documentation on security policies, procedures, and incident responses to ensure transparency and consistency.
6. Community Engagement and Advocacy
Engage with the Ubuntu Community: As Ubuntu is an open-source project, the Engineering Manager must work closely with the Ubuntu community and upstream contributors to ensure that security patches, improvements, and vulnerabilities are shared and addressed.
Contribute to Open Source Security: Advocate for and contribute to the open-source security ecosystem, participating in discussions around best practices, vulnerabilities, and patches.
User Education and Communication: Engage with the Ubuntu user base to communicate security updates and best practices, and provide guidance on securing their environments.
7. Metrics and Reporting
Security Metrics: Define and track security metrics to measure the effectiveness of security initiatives, track vulnerabilities, and monitor the overall security health of the Ubuntu environment.
Reporting to Leadership: Regularly report on security trends, incidents, patching statuses, and team performance to senior leadership.