Remotery

Principal Product Security Researcher

Posted 3 hours ago

This is a fully remote position, open to applicants in Canada.

📋 Description

• Design, construct, and maintain secure CI/CD pipelines that incorporate security gates to detect issues prior to reaching production.

• Systematically, consistently, and automatically assess the risk exposure of Chainguards products.

• Implement and uphold software supply chain security controls, including signed artifacts, SBOMs, and provenance attestation (SLSA, Sigstore / Cosign).

• Proactively identify emerging security needs from customers and develop solutions to address them.

• Lead security architecture assessments and threat modeling for Kubernetes-based workloads operating on GCP and AWS.

• Strengthen container images, Kubernetes cluster configurations, and cloud IAM postures to minimize the attack surface across our product stack.

• Define and promote the adoption of baseline security standards, including pod security standards, network policies, workload identity, and secrets management.

• Assess and operationalize CNAPP / CSPM tools to ensure continuous visibility into cloud-native risks.


⛳️ Requirements

• Over 7 years of experience in software engineering, security engineering, or a hybrid role with significant hands-on security responsibilities throughout.

• Strong expertise in either Go or Python, capable of writing, reviewing, and debugging production-quality code.

• Extensive, hands-on experience with Kubernetes in production environments, including cluster hardening, RBAC, network policies, and admission controllers.

• Practical knowledge of GCP and/or AWS services, including IAM, workload identity, secrets management, and security services (e.g., GCP Security Command Center, AWS Security Hub).

• Demonstrated success in designing and securing CI/CD pipelines using tools like GitHub Actions, Cloud Build, Tekton, or similar.

• Proficiency in container security practices, including image scanning, distroless/minimal base images, and runtime security.

• Experience with software supply chain security tools and frameworks such as Sigstore, SLSA, and SBOM generation.

• Comprehensive understanding of OWASP, NIST, and cloud security frameworks, with the ability to apply them effectively in practice.


🏝️ Benefits

• Flexible & Remote-First Culture: Enjoy the option to work remotely, with opportunities for team meetups, bi-annual destination summits, and a monthly stipend for coworking spaces, phone, and internet expenses.

• Our Approach to Equity: Receive stock options upon hire and promotion, with opportunities to participate in secondary offerings and a generous 10-year period to exercise your options (yes, you read that right: 10 years!).

• 100% Covered Health Insurance: We fully cover your health, vision, and dental insurance premiums for you and your dependents, with no deductions from your paycheck.

• ∞ Flexible Time Off: Take the time you need to recharge and reset, as we believe that doing our best work requires well-rested individuals.

• 18 Weeks Paid Parental Leave: We provide 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the flexibility to use the leave all at once or spread it throughout your child's first year.

People also viewed

NerdWallet3 hours ago

Security Software Engineer, AI & Automation

US flagCalifornia OnlyFull-timeCybersecurity / Security Engineer$127k – $207k/year
ApplyView job
BlueLeaders3 hours ago

Formador/a de Oposiciones – Seguridad Social

ES flagSpain OnlyFull-timeCybersecurity / Security Engineer
ApplyView job
Reco3 hours ago

Security Researcher

US flagUnited States OnlyFull-timeCybersecurity / Security Engineer
ApplyView job
Sysdig3 hours ago

Director of Security Engineering

US flagUnited States OnlyFull-timeCybersecurity / Security Engineer$186k – $256k/year
ApplyView job
Westinghouse Electric Company3 hours ago

AI Security Manager

US flagPennsylvania OnlyFull-timeCybersecurity / Security Engineer$130.4k – $163k/year
ApplyView job
Team Carney, Inc.3 hours ago

Multimedia Graphics Artist

US flagOklahoma OnlyFull-timeCybersecurity / Security Engineer
ApplyView job

Never miss a great job!

Get handpicked remote jobs straight to your inbox weekly.

Trusted by 7,400+ designers