We seek a passionate and motivated Lead Security Software Engineer to join our team.

This is a great opportunity for an experienced software engineer with a special interest in software security throughout all stages of the development cycle; design, implementation, and operations.

About Vespa.ai:

Vespa.ai is a team of passionate builders. We maintain and develop the Apache 2.0 licensed open-source project Vespa. Vespa lets our users run big data + AI, online. At any scale, with unbeatable performance.

Vespa is a fully featured search engine and vector database. It supports vector search (ANN), lexical search, and search in structured data, all in the same query. Integrated machine-learned model inference allows to apply AI to make sense of data in real-time. Together with Vespa's proven scaling and high availability, this empowers to create production-ready search applications at any scale and with any combination of features. Our users and customers are #1 in e-commerce, content, and financial services globally and used by companies like Spotify, Yahoo, Wix, and many more.

In addition to our open-source platform, Vespa.ai runs Vespa Cloud, a robust SaaS offering that allows businesses to easily harness the power of our technology.

At Vespa.ai, we are a security-first company and are extremely focused on automating whatever we do to grow fast with high quality while maintaining industry-leading, strong security. In all roles, we scale using technology, not simply larger teams. We take pride in being small, nimble, and the most productive.

Position Overview:

As the Lead Security Software Engineer at Vespa.ai, you will be critical in ensuring the security of our products, infrastructure, and data. You will be a security champion within our engineering team, driving the implementation of secure coding practices and leading security initiatives. You will be a hands-on developer, contributing to our codebase while also providing guidance and mentorship to other engineers on security best practices. This role reports directly to the CTO and offers a unique opportunity to shape the security strategy of a growing company.

As the Lead Security Software Engineer at Vespa.ai, you will collaborate with cross-functional teams to design, implement, and maintain robust infrastructure solutions and features that meet our high availability requirements.

An ideal candidate dislikes doing things twice and instead automates using Java or scripts, with proper monitoring, such as creating alerts, badges, and dashboards.

The responsibilities of this position include:

• Develop and maintain secure software using Java, GoLang, and other relevant technologies.
• Stay up-to-date on the latest security threats and vulnerabilities.
• Collaborate on threat modeling, risk assessments, and secure architecture.
• Oversee security tools (e.g., static analysis, vulnerability scans) and workflows.
• Coordinate regular security assessments, code reviews, and penetration testing with our security technology partners.
• Identify and mitigate security vulnerabilities in our products and infrastructure.
• Define, implement, and champion security best practices, training, and guidelines across teams.
• Collaborate with the CTO to define and implement the company's security strategy.
• Communicate security risks and solutions clearly to technical and non-technical audiences.

We code using Mac or Linux laptops, using tools of our own choice. Everything we do is auto-tested and released daily. Technology we use:

• C++, Java, GoLang, Python
• JavaScript/TypeScript, Mantine, React
• ONNX, LangChain, Huggingface
• Podman, Docker

Qualifications:

• Right to work in Norway
• Computer Science (or similar) graduate. Excellent problem-solving and troubleshooting skills.
• Strong software development skills (preferably Java or similar) and a solid software engineering background.
• Practical knowledge of secure coding principles (OWASP Top Ten, encryption, authentication).
• Experience with security testing tools and techniques.
• Knowledge of common security vulnerabilities and attack vectors.
• Passion for security and a desire to stay ahead of the curve.
• Comfortable with cloud infrastructure and modern DevOps practices.
• Excellent English communication and collaboration skills; enjoy teaching and advocating for security.

Bonus:

• Experience with cloud security (AWS/GCP/Azure).
• Knowledge of cryptography and secure coding practices.
• Familiarity with security standards and frameworks (e.g., SOC2, ISO 27001, NIST Cybersecurity Framework).
• Experience with incident response and vulnerability management.
• Familiarity with container security (Kubernetes, Docker) and automation.
• Familiarity with distributed systems.

Why Join Us:

• Help formulate and execute the security strategy for a start-up handling data for some of the world's largest companies.
• Be part of a cutting-edge team working on innovative search and recommendation technology.
• Contribute to the development of a high-performance, open-source platform with a global impact.
• Collaborate with a talented team of engineers, product experts and sales.
• Competitive salary, benefits, and opportunities for professional growth.

If you are excited about the intersection of open source, search and recommendation systems, AI integration, and have a genuine passion for quality and automation, we would love to hear from you! Apply now to join the Vespa Team and play a key role in shaping the future of our industry.

Please attach university transcripts for our evaluation.

Note: Vespa.ai is an equal-opportunity employer. We are committed to creating an inclusive environment for all employees. We believe in fostering a collaborative and inclusive environment where every team member has the opportunity to make a significant impact.