Product Security Engineer

The AdaCore Security team is looking for a Product Security Engineer to help AdaCore scale our various missions.

For 30 years, we've partnered with global leaders in aerospace & defense, air traffic management, space, railway and financial services. We've developed tools and services simplifying high-integrity software development through a subscription-based model. As demand for secure applications grows in industries like automotive, medical, energy, and IoT, we're adapting our proven technologies to assist a new generation of developers.

Our 150 global experts based in the US, France, Germany, the UK, and Estonia, collectively develop cutting-edge technologies to address the challenges of high-grade software development.

Joining AdaCore is about joining a culture of innovation, openness, collaboration and dependability, which defines how we work together, with our customers and partners.

Job description:

As part of AdaCore's Product Security and Software Supply Chain teams, you will:

1. Be in charge of implementing and maintaining the infrastructure necessary to provide our customers with accurate and up-to-date information related to the security of our products.
2. Work with the Product Engineering team to identify, track, publish, and resolve security issues.
3. Help define, implement, and maintain vulnerability management and secure development procedures, and train engineers to improve security awareness and compliance with our procedures.
4. Help fix problems uncovered by Software Composition Analysis (SCA), like license checks or code quality.
5. Ensure our supply chain is SLSA (Supply-chain Levels for Software Artifacts) build level 3 compliant.

Responsibilities

1. Maintain SBOM and vulnerability analysis infrastructure
2. Help Product Engineering teams assess the impact of CVEs on our products
3. Identify possible security issues from incoming security submissions and support requests
4. Analyze possible security issues to determine if they are actual vulnerabilities
5. Follow SLSA evolutions to help maintain our SLSA levels of compliance
6. Draft security advisories and get them published
7. Manage CVE entries in the MITRE database for AdaCore products
8. Define and maintain procedures in the area of product security and CVE management
9. Define and maintain secure development procedures for AdaCore products
10. Train the Engineering team to improve security awareness and effective enforcement of our procedures

Qualification and skills

1. Software engineering background (mandatory)
2. Advanced knowledge of either C, C++, Ada, or Rust (mandatory)
3. Good writing skills in English (mandatory)
4. Good communication skills and ability to work within a team (mandatory)
5. Experience in Cybersecurity and vulnerability management (desirable)
6. Experience with software supply chain security (desirable)
7. Knowledge of Python (desirable)

Beyond the job

We're a global organization driven by diverse backgrounds, fostering innovation through an open exchange of ideas. We welcome applicants of all backgrounds, celebrating diversity in ethnicity, nationality, gender, age, religion, abilities, sexual orientation, veteran or marital status.

Our commitment is to help our teammates, wherever they are based, feel comfortable and satisfied, by encouraging flexibility to ensure them a healthy work-life balance. Additionally, we prioritize individual development by offering continuous training from day one with a personalized onboarding plan.

#J-18808-Ljbffr