  • Posted: Mar 30, 2024
    Deadline: Not specified

    We deliver open source to the world faster, more securely and more cost effectively than any other company. If you're interested in a career at Canonical, we are a remote-first company, so please apply to any suitable role; skills are valued more than location, although some roles have a geographic preference.

    Information Systems Security Compliance Engineer

    • The team's role is to ensure that Canonical conducts its business processes in compliance with laws and regulations, defined internal policies and procedures, and international standards/best practices. This position is for an individual with the knowledge, drive and personal motivation to help build and grow a strong security & compliance governance framework in a fast-growing tech company, as well as help it achieve/maintain the necessary compliance certifications.
    • This role can be home or office based. Periodic international travel for training and business meetings is required.

    Key responsibilities:

    • Collaborate with IT operations, Legal, Security, and Engineering teams to define and implement policies and procedures
    • Help to design and implement controls to strengthen the company's Security Posture
    • Collaborate with various teams to ensure security standards are met across all projects
    • Assess vulnerabilities/risks that could affect the integrity, availability, or confidentiality of data, systems, or services of the company and provide mitigation solutions
    • Conduct regular audits to ensure compliance with internal policies and procedures, relevant security standards, best practices, regulations and client requirements, identifying gaps and providing remediation solutions
    • Ensure controls are configured correctly and integrated into the security strategy
    • Collaborate with internal teams to respond to Security Questionnaires, Contract Compliance and Security & Compliance posture questions from customers
    • Provide guidance and support to internal stakeholders regarding security & compliance practices
    • Collaborate with internal teams to gather evidence for external audits
    • Participate in the creation and/or maintenance of the Information Security Management System
    • Maintain up-to-date knowledge of security standards, best practices and trends to ensure ongoing compliance

    Required skills and experience:

    • 2+ years of experience within a security and compliance function
    • Experience developing and maintaining policies, procedures, standards, and guidelines to align with the company's strategy and best practices
    • Experience with security controls implementation, configuration and maintenance
    • Experience with vulnerability management tooling, remediation, and processes
    • Experience with coding/scripting in one or more languages (Python, C, C++, Java)
    • Experience with Linux operating systems (Ubuntu preferred)
    • Understanding of concepts related to Systems Engineering/DevOps, IaC, IAM, network security, systems security, cryptography
    • Broad understanding of cybersecurity and data protection frameworks such as ISO 27001, NIST, SOC2, PCI-DSS, GDPR, CCPA
    • Experience with third party and external audits

    Valuable experience:

    • Bachelor's degree (or equivalent) in Computer Science, Information Systems, or related field
    • Affinity with Open Source software with regards to compliance
    • Knowledge of designing and implementing security processes and solutions with topics ranging from architecture, governance, compliance, and operations
    • Technical or engineering background, including software development, scripting, networking, and cloud architecture

    Staff Security Operations Engineer

    • The Security Operations (SecOps) team is responsible for design, implementation and evolution of Canonical security practices, techniques, tools, systems and policies. The team is the primary owner of strategy and practices that determine how Canonical secures its data, internal infrastructure and build processes. They are responsible for assuring the security and integrity of our own infrastructure and product deployments. They design and implement technical security controls that ensure security threats are automatically identified, contained and remediated. The team will also contribute ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attack.
    • The SecOps team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.

    What you will do in this role:

    • Implement and evolve Canonical's SecOps security standards and playbooks
    • Analyse and improve Canonical's security architecture
    • Evaluate, select and implement new security tools and practices
    • Identify, contain and guide the remediation of security threats and cyber attacks
    • Grow the presence and thought leadership of Canonical SecOps practice
    • Contribute to open source threat intelligence initiatives
    • Drive threat modelling, table top exercises and other SecOps practices across Engineering, IS and Canonical
    • Develop Canonical SecOps learning and development materials
    • Publish blog posts, whitepapers and conference presentations
    • Identify, implement and track SecOps KPIs
    • Plan and deliver SecOps work in the framework of Canonical's agile engineering practice
    • Work with Security leadership to present information and influence change

    What we are looking for

    • An exceptional academic track record
    • Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
    • Drive and a track record of going above-and-beyond expectations
    • Deep personal motivation to be at the forefront of technology security
    • Expertise in threat modelling and risk management frameworks
    • Knowledge of security architecture and market-leading security tools
    • Experience contributing to, and consuming, threat intelligence feeds
    • Experience in security risk management frameworks such as NIST CSF
    • Experience with security standards such as ISO 27001

    Optional things we value

    • Experience in a security operations team or a security operations centre (SOC)
    • Experience in offensive or defensive security teams with hands-on ability
    • Experience with state-actor and other advanced persistent threats

    Security Risk Management Specialist

    • The security risk management team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.

    What you will do in this role:

    • Define Canonical's security risk management standards and playbooks
    • Analyse and improve Canonical's security risk practices
    • Evaluate, select and implement new security requirements, tools and practices
    • Grow the presence and thought leadership of Canonical security risk management practice
    • Develop Canonical security risk learning and development materials
    • Work with Security leadership to present information and influence change
    • Participate in developing key risk indicators, provide inputs to the development of key control indicators, and key performance indicators for various programs
    • Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others)
    • Participate in risk management, decision-making, and collaborative discussions
    • Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes
    • Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action
    • Develop templates and materials to help with self-service risk management actions
    • Monitor and identify opportunities to improve the effectiveness of risk management processes
    • Launch campaigns to perform security assessments and help mitigate security risks across the company
    • Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities.

    What we are looking for

    • An exceptional academic track record
    • Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
    • Drive and a track record of going above-and-beyond expectations
    • Deep personal motivation to be at the forefront of technology security
    • Leadership and management ability
    • Excellent business English writing and presentation skills
    • Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management
    • Expertise in threat modelling and risk management frameworks
    • Broad knowledge of how to operationalize the management of security risk
    • Experience in Secure Development Lifecycle and Security by Design methodology

    Method of Application

  • Send your application
