This is a unique opportunity to use your software engineering and cryptography skills to build and maintain the security foundation that enables Ubuntu and its users to operate securely and remain compliant with international information security standards such as FIPS 140-3 and Common Criteria. You will utilize your applied cryptography, Linux Security, and coding skills to enhance the Ubuntu distribution and work with organizations such as DISA and CIS to draft and implement security hardening benchmarks for Ubuntu.
As a member of the Security Hardening team, you will develop automation tooling to audit deployed systems for DISA-STIG and CIS benchmark compliance. You will collaborate with internal and external stakeholders to identify gaps in our frameworks and develop new solutions. This role offers the chance to influence the team's security culture, facilitate technical delivery, and help drive team direction and execution.
Day-to-Day Responsibilities:
- Collaborate with other engineers in the Security Hardening team to achieve various Security certifications.
- Extend and enhance Linux cryptographic components (OpenSSL, Libgcrypt, GnuTLS, and others) with the features required for FIPS and CC certification.
- Collaborate with external security consultants to test and validate kernel and crypto module components.
- Work with external partners to develop security hardening benchmarks and audit + remediation automation for Ubuntu.
- Contribute to upstream projects to land solutions that benefit the community.
- Communicate and collaborate to improve our security posture, rapidly resolve issues, and deliver high-quality solutions on schedule.
Requirements:
- Hands-on experience with low-level Linux cryptography APIs and debugging.
- Excellent software engineering fundamentals, including experience with C development.
- Hands-on experience with Linux system administration and shell scripting.
- Knowledge of security and cryptography fundamentals, with direct experience writing secure code.
- Significant development experience with open source libraries.
- Excellent verbal and written communication skills to enable collaboration in a remote-first environment.
Additional Skills That You Might Bring:
- Prior experience working on FIPS/Common Criteria certified products.
- Familiarity with DISA-STIG or CIS benchmarks and related audit + remediation tooling.
- Experience with Linux Kernel.
- Prior experience with Python, OVAL, and Ansible.
Language Requirements:
English proficiency is essential for communication within the remote-first environment.
What We Offer You:
Canonical provides a competitive compensation package that includes a performance-driven annual bonus and a personal learning and development budget of USD 2,000 per year. We also offer annual compensation reviews, recognition rewards, and additional benefits such as maternity and paternity leave, an Employee Assistance Programme, and opportunities for travel to meet team members.
About Canonical:
Canonical is a pioneering tech firm at the forefront of the global move to open source, known for publishing Ubuntu. As a remote-first company since 2004, we aim to challenge you to think differently, work smarter, and raise your game in the world of digital business. We are committed to fostering a workplace free from discrimination and value diversity in experience, perspectives, and backgrounds.
