Canonical - We deliver open source to the world faster, more securely, and more cost-effectively than any other company. We develop Ubuntu, the world’s most popular enterprise Linux from cloud to edge, together with a passionate global community of 200,000 contributors. Ubuntu means 'humanity to others. We chose it because it embodies the generosity at the heart of open source, the new normal for platforms and innovation. Together with a community of 200,000, we publish an operating system that runs from the tiny connected devices up to the world's biggest mainframes, the platform that everybody uses on the public cloud, and the workstation experience of the world's most productive developers. Secure and reliable, elegant and intuitive, and open for innovation - Ubuntu is the future of open source, which is why it's the fastest-growing Linux in the world despite already being the most widely deployed.
We are recruiting to fill the position below:
Job Title:Linux Cryptography and Security Engineer
Ubuntu is built with Security in mind from the ground up and keeps you protected against security vulnerabilities. Ubuntu helps organizations remain compliant to FIPS 140-2 and Common Criteria standards.
You will use your applied cryptography, Linux, Linux Security, bash and C coding skills to enhance the Ubuntu distribution to attain FIPS and Common Criteria certifications.
You will also work with DISA and CIS to help draft Ubuntu STIGs and Ubuntu CIS benchmarks. You will work with and support the team to develop automation tooling for making Ubuntu systems STIG and CIS benchmark compliant and audit the systems for compliance.
Scripting skills (OVAL/bash) will be used to assist with tooling. You will work with the team to achieve new compliance and certifications for Ubuntu as needed. You will have the opportunity to influence the culture, facilitate technical delivery, and work with your team on direction and execution.
The successful candidate will collaborate with Canonical’s kernel and security teams to extend and enhance the Ubuntu distribution with the features necessary to achieve and retain FIPS and CC certification.
Support the Security Certifications engineers to achieve and retain various Security certifications.
Work with the Manager on scoping, prioritization and resourcing for all team's deliverable.
Extend and enhance Linux cryptographic components - specifically with modules such as OpenSSL/Libgcrypt - with the features and functionality required for FIPS and CC certification.
Collaborate with external security consultants to test and validate kernel and crypto components, achieve and retain FIPS and CC certification, and develop CIS benchmarks and STIGs for Ubuntu.
Work in partnership with the internal project manager to ensure delivery against project goals and milestones, identifying technical risks and mitigating them
Contribute to Ubuntu mainline and upstream projects to land solutions and benefit the community.
Contribution to continuous integration infrastructure: automated testing and validation.
Self-discipline and self-motivation to support and perform day-to-day engineering activities and deliver to schedules in a globally distributed team.
Communication and collaboration within and outside Canonical to rapidly resolve issues and keep the project on track.
Required Skills and Experience
Significant experience working with open source libraries.
Knowledge of Linux Security and Cryptography.
Experience with patching and associated tooling: identifying, isolating, applying and testing patches, and resolving any resulting issues.
General Linux development skills (C proficiency, git experience, debugging with gdb).
Experience with bash scripting.
Desired Skills and Experience:
Software packaging and maintenance experience, especially using Debian packaging.
Knowledge of and familiarity with low-level Linux cryptography APIs and debugging.
Experience working with Linux Kernel.
Familiarity with open source development tools and methodologies, especially those in common-use for development of the Linux ecosystem such as: Launchpad, IRC, and mailing-lists.
Knowledge of security benchmarks such as STIG and CIS benchmarks.
Security Certification experience and knowledge in FIPS and/or CC.
Experience with OVAL (Open Vulnerability Assessment Language) and Go.