
Principal Product Security Researcher
Posted 3 hours ago

Posted 3 hours ago
This is a fully remote position, open to applicants in Canada.
• Design, construct, and maintain secure CI/CD pipelines that incorporate security gates to detect issues prior to reaching production.
• Systematically, consistently, and automatically assess the risk exposure of Chainguards products.
• Implement and uphold software supply chain security controls, including signed artifacts, SBOMs, and provenance attestation (SLSA, Sigstore / Cosign).
• Proactively identify emerging security needs from customers and develop solutions to address them.
• Lead security architecture assessments and threat modeling for Kubernetes-based workloads operating on GCP and AWS.
• Strengthen container images, Kubernetes cluster configurations, and cloud IAM postures to minimize the attack surface across our product stack.
• Define and promote the adoption of baseline security standards, including pod security standards, network policies, workload identity, and secrets management.
• Assess and operationalize CNAPP / CSPM tools to ensure continuous visibility into cloud-native risks.
• Over 7 years of experience in software engineering, security engineering, or a hybrid role with significant hands-on security responsibilities throughout.
• Strong expertise in either Go or Python, capable of writing, reviewing, and debugging production-quality code.
• Extensive, hands-on experience with Kubernetes in production environments, including cluster hardening, RBAC, network policies, and admission controllers.
• Practical knowledge of GCP and/or AWS services, including IAM, workload identity, secrets management, and security services (e.g., GCP Security Command Center, AWS Security Hub).
• Demonstrated success in designing and securing CI/CD pipelines using tools like GitHub Actions, Cloud Build, Tekton, or similar.
• Proficiency in container security practices, including image scanning, distroless/minimal base images, and runtime security.
• Experience with software supply chain security tools and frameworks such as Sigstore, SLSA, and SBOM generation.
• Comprehensive understanding of OWASP, NIST, and cloud security frameworks, with the ability to apply them effectively in practice.
• Flexible & Remote-First Culture: Enjoy the option to work remotely, with opportunities for team meetups, bi-annual destination summits, and a monthly stipend for coworking spaces, phone, and internet expenses.
• Our Approach to Equity: Receive stock options upon hire and promotion, with opportunities to participate in secondary offerings and a generous 10-year period to exercise your options (yes, you read that right: 10 years!).
• 100% Covered Health Insurance: We fully cover your health, vision, and dental insurance premiums for you and your dependents, with no deductions from your paycheck.
• ∞ Flexible Time Off: Take the time you need to recharge and reset, as we believe that doing our best work requires well-rested individuals.
• 18 Weeks Paid Parental Leave: We provide 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the flexibility to use the leave all at once or spread it throughout your child's first year.
NerdWallet
BlueLeaders
Reco
Sysdig
Get handpicked remote jobs straight to your inbox weekly.