Senior Application Security Engineer

At Gradle Inc. our purpose is to bring joy to software builders and value to the business professionals that use it. We are the company behind the Gradle Build Tool, which is one of the top 20 Most Popular Open Source Projects for IT, used by millions of developers, and is downloaded over 30 million times a month. 

Gradle Enterprise is a first-of-its-kind product that software teams use to accelerate and optimize Gradle, Apache Maven™, Bazel, and sbt builds. It comprises several facets, including large-volume data ingestion and processing, complex data analysis and visualization, and distributed caching and execution systems. 

Our software is used by some of the world's leading software organizations, such as Netflix, Airbnb, Spotify, SAP, several top ten banks, and many other major customers across all verticals. We regularly collaborate with these and other users to make our products continuously better.

The Security team at Gradle is expanding and we are looking for a Senior Application Security Engineer to build out and operationalize our Application Security Program. As a company focused on Developer Productivity, finding the balance between Productivity and Security is of utmost importance and will be vital to the success of this position. The role centers around implementing and managing the tools and processes to enable our Engineering colleagues to build secure software. 

• Greenfield projects such as
• Design and implement tooling and processes for Application Security across our software development teams
• Developer training and security awareness
• Proactive measures to produce higher quality and secure software 
• Day to day tasks such as
• Vulnerability Management for Gradle developed software, including triaging incoming vulnerabilities and managing the process to remediation 
• Identifying gaps in engineering practises and recommend appropriate solutions
• Assisting developers with fixes and best practices
• Build automation and monitoring
• Evangelise security best practices
• Supporting and consulting with development teams on new features, threat modeling and testing 

• Strong engineering background with 5-10 Years working in Application Security or adjacent fields
• Strong communicator, who’s highly effective at consensus and relationship building
• Ability to read and understand Java code 
• Experience doing AppSec for enterprise-grade software 
• High degree of experience securing CI/CD processes
• Experience with Java Security Tooling 

• Familiarity with Gradle Build Tool
• Experience with securing software supply chains 
• Experience in remote roles

• Work on a widely used product with a clear vision for the future
• Close collaboration with experienced and dedicated peer engineers
• Opportunities for growth in technical and leadership responsibilities
• In-person meetings, such as our annual company offsite, and team meetings
• Work from home in a remote-first environment 
• Competitive salaries and equity grants

• A focus on learning and development – Gradle offers an annual learning and development stipend and a monthly company-wide Learning Day, where we encourage all team members to focus on their professional development for the day
• A hardware package that includes a laptop, monitor, other peripheral hardware, and a home office stipend to make sure you are fully set up to work remotely
• Generous paid time off
• Paid public holidays
• Volunteer Day – We offer up to 8 hours of paid work time each year for team members to give back to their local communities

• While our team works remotely and is spread across the globe, we deeply value daily interactions and collaboration.
• Your working hours should primarily cover up to UTC 08:00 - 17:00, with the ability to occasionally work with America as needed.

The following is required with your application:

• Submit your resume and cover letter via the form below

We are a diverse and inclusive workplace with a global multicultural team that learns from and respects each other. We are committed to advancing diversity and inclusion forward by investing resources in company-wide inclusion trainings, improving recruitment processes and contributing to groups that are committed to advancing racial/social justice and equality.  

Gradle is an equal opportunity employer. We welcome people of different backgrounds, experiences, abilities, and perspectives and consider all qualified applicants without regard to race, color, national origin, citizenship status, gender, gender identity or expression, sexual orientation, religion, disability, age or any other applicable characteristics protected by law.

Visit our careers page to learn more about the company and see other open positions. Visit Glassdoor to read what current and former Gradle employees have to say about the company.

For information about our collection, use, and disclosure of applicants’ personal information as well as applicants’ rights over their personal information, please see our Job Applicant Privacy Notice.