Engineering Manager - Security Standards and Hardening

As the most widely used Linux distribution, Ubuntu underpins the security of the entire internet. The role of Security Engineering Manager directly impacts the safety and security of millions of users worldwide. Join a team of security experts dedicated to protecting the open-source ecosystem and driving innovation. Your leadership will be instrumental in addressing emerging threats, developing robust security measures, and ensuring the continued integrity of Ubuntu.

This role involves leading the charge to set security standards for open source software across the Ubuntu platform, which includes desktops, servers, edge devices, cloud infrastructure, Kubernetes, and OpenStack. You will certify core components to meet industry standards and guide development teams in security best practices, especially in areas like cryptographic modules (FIPS 140) and system hardening.

Responsibilities:

• Lead and develop a team of engineers, ranging from graduate to senior levels.
• Coach, mentor, and provide career development feedback.
• Identify and measure team health indicators and implement disciplined engineering processes.
• Represent your team and product to stakeholders, partners, and customers.
• Develop and promote great engineering and organizational practices.
• Support products and customers in meeting strict product security requirements such as FIPS, CIS, STIG, and FedRAMP.
• Collaborate with industry partners on cryptography modules and system hardening efforts.

Qualifications:

• Exceptional academic track record from high school and university.
• Undergraduate degree in Computer Science or related STEM field, or a compelling alternative path.
• Proven ability to develop and grow individuals within your team.
• Excellent verbal and written communication skills in English.
• Organised and capable of ensuring timely, high-quality results.
• Prior experience working on FIPS/Common Criteria certified products and knowledge of relevant standards.
• Experience with DISA-STIG or CIS benchmarks, including related audit and remediation tooling.
• Passionate about software and application security.
• Solid experience in an agile development environment.
• Willingness to travel twice a year for company events lasting up to two weeks.

Optional Qualifications:

• Hands-on knowledge of Linux cryptography libraries (OpenSSL, GnuTLS).

What We Offer:

• Competitive compensation based on geographical location, experience, and performance.
• Performance-driven annual bonus.
• Personal learning and development budget of USD 2,000 per year.
• Annual compensation review and recognition rewards.
• Distributed work environment with twice-yearly team sprints in person.
• Annual holiday leave, maternity and paternity leave, and Employee Assistance Programme.
• Opportunity to travel to meet colleagues and attend company events.

About Canonical:
Canonical is a pioneering tech firm dedicated to advancing the global move to open source, publishing Ubuntu, a major open source project integral to AI, IoT, and cloud. As a remote-first company since 2004, we promote diversity, ensure fair consideration for all applicants, and strive for excellence in our mission and workplace.