Staff Software Engineer - Vulnerability Management

Business Area:

Seniority Level:

Job Description:

At Cloudera, we empower people to transform complex data into clear and actionable insights. With as much data under management as the hyperscalers, we're the preferred data partner for the top companies in almost every industry. Powered by the relentless innovation of the open source community, Cloudera advances digital transformation for the world’s largest enterprises.

Cloudera prioritizes secure and reliable data management. To strengthen our vulnerability management program and address CVEs beyond defined SLAs, the CVE Taskforce will partner with internal and external teams to explore AI-driven remediation solutions. The team will collaborate across product engineering to design and deploy mechanisms that ensure FedRAMP-level compliance while accelerating the speed and quality of vulnerability mitigation.

Cloudera is seeking a highly skilled and motivated Staff Software Engineer to join our CVE Taskforce. This critical role will be instrumental in eliminating existing Common Vulnerabilities and Exposures (CVE) across Cloudera's production environments, mainline platform, and data service repositories, and establishing robust, repeatable mechanisms for ongoing vulnerability management.

As a Staff Software Engineer on the CVE Taskforce, you will contribute directly to enhancing Cloudera's security posture and fortifying customer trust by ensuring adherence to stringent CVE Service Level Agreements (SLAs), including FedRAMP remediation timelines. Perform Proof of Concept (POC) to test potential AI-enabled solutions that will help Developer remediation, such as prompting Engineers to automate library upgrades.

As a Staff Software Engineer you will…

• Learn and Adapt

  • Get familiarized with Cloudera’s products and services end-to-end and gain a full appreciation for the product and development lifecycle.

  • Understand our open source and proprietary ecosystem, and identify areas for improvement in terms of current CVE remediation efforts.

• Design and Development:

  • Identify tooling and frameworks for improving developer productivity - AI/ML Tools that can expedite in remediating CVE fixes

  • Design and develop POCs to enterprise-class solutions to enable the delivery of high-quality remediation across the entire customer-facing Cloudera stack.

• Process:

  • Work alongside the product security team to evaluate and enhance existing security tools (SCA, SAST, DAST, etc.) and explore new technologies to improve vulnerability detection and remediation speed/accuracy.

  • Integrate enhanced security scanning into CI/CD pipelines.

  • Contribute to the development of a proactive dependency management strategy.

  • Collaborate with the Release Engineering team to manage branches and ensure smooth merges and stable mainline builds.

  • Participate in defining and enforcing clear CVE SLAs and accountability.

• Collaboration & Communication:

  • Work closely with cross-functional teams including Product Security, Engineering Component Teams, QE, Release Engineering, and Customer Support.

  • Contribute to regular reporting on CVE debt reduction, SLA adherence, and other key metrics.

  • Actively participate in daily stand-ups and other team meetings.

We’re excited about you if you have:

• Bachelor's or Master's degree in Computer Science, Software Engineering, or a related field.

• 5-7 years of experience as a Software Engineer, with a strong focus on security and vulnerability remediation as a big plus.

• Strong proficiency in at least two of the following programming languages: Java, Scala, Python, DJango, Go, C++, TypeScript, JavaScript, Node JS, React JS.

• Deep understanding of the need for library upgrades and CVE vulnerability analysis and fixing.

• Proficiency with vulnerability management CVE tooling such as Aquasec, Triaging, and JIRA ticketing.

• Knowledge of open-source patch management, including upstream and downstream code lines, fixing, merging, and checking into Git.

• Hands-on experience with tools like Docker, Maven, SonarQube, Harness, Jenkins, and GitHub Actions.

• Experience with relational databases (e.g., Postgres/RDS).

• Familiarity with cloud essentials, particularly Kubernetes and AWS.

• Understanding of automation stacks, including test frameworks like Quantum, and the ability to validate fixes with self-serve test/fix.

• Experience contributing to open-source projects is a plus.

• Excellent problem-solving skills, with the ability to diagnose and resolve complex security issues in large-scale software systems.

• Strong communication and collaboration skills, with the ability to work effectively in a cross-functional team environment.

• Experience with large-scale software development and testing.

What you can expect from us:

• Generous PTO Policy

• Support work life balance with Unplugged Days

• Flexible WFH Policy

• Mental & Physical Wellness programs

• Phone and Internet Reimbursement program

• Access to Continued Career Development

• Comprehensive Benefits and Competitive Packages

• Paid Volunteer Time

• Employee Resource Groups

EEO/VEVRAA