Remotery

Principal Product Security Researcher

Posted Jun 21

This is a fully remote position, open to applicants in the United Kingdom.

📋 Description

• Take ownership of the product security research agenda at Chainguard by examining the wider ecosystem, identifying new attack patterns, and articulating them into distinct risks and opportunities for both Chainguard and our clients.

• Influence the security strategy across various products and platforms, collaborating closely with Product, Engineering, and Security leadership to integrate your insights into roadmaps, architectural decisions, and long-term strategies.

• Function as a comprehensive observer of the ecosystem, identifying issues early on and assisting others in navigating challenges with confidence (while maintaining a healthy level of caution).

• Investigate emerging threats and trends within software supply chain and product security, assessing their implications for Chainguard’s products and clientele.

• Create innovative mitigations spanning people, processes, and technologies, focusing not just on proof-of-concept demonstrations, but on practical defenses that are genuinely adopted.

• Spearhead large-scale, multi-quarter initiatives that significantly mitigate risk or enhance our security maturity across a variety of product lines and platforms.

• Collaborate with executive and senior engineering leadership to steer organization-wide security strategy, influence critical roadmap decisions, and secure agreement for major, complex changes.

• Spot systematic vulnerabilities (in systems, structures, and sometimes habits) and devise plans that address root causes in ways that are sustainable long after you have moved on to the next challenging issue.

• Mentor and elevate others within Product Security and Engineering by guiding teams to think more strategically about threats, risks, and long-term security posture.

• Represent Chainguard in external forums such as talks, conferences, and thought leadership initiatives, sharing our insights and contributing to the advancement of the industry.


⛳️ Requirements

• Possess extensive experience in product or application security, with a proven history of leading research or threat-focused initiatives that resulted in clear, company-wide outcomes.

• Have expert-level knowledge across various domains including secure architecture, application/product security, software supply chain, and organization-level risk management, with the ability to balance security, speed, and reliability.

• Be adept at managing ambiguous, cross-functional challenges and transforming them into organized, prioritized initiatives that are executed effectively.

• Demonstrate a proven ability to communicate complex ideas to executive stakeholders, securing alignment and facilitating decision-making at the highest levels.

• Remain at the forefront of industry trends, tools, and research methods; not only keeping up with the latest publications but also applying them in a practical, impactful manner.

• Work autonomously with a strong sense of ownership while also being a collaborative team player who brings others along in the journey.

• Be comfortable in rapidly changing, uncertain environments and capable of creating structure within them.


🏝️ Benefits

• Flexible & Remote-First Culture: Enjoy the option to work remotely with opportunities for team meetups, bi-annual destination summits, and a monthly stipend for coworking spaces, phone, and internet expenses.

• Our Approach to Equity: Receive stock options upon hiring and promotion, with the chance to participate in secondary offerings and a generous 10-year period to exercise your options (yes, you read that right: 10 years!).

• 100% Covered Health Insurance: We fully cover your health, vision, and dental insurance premiums for you and your dependents, ensuring nothing is deducted from your paycheck.

• ∞ Flexible Time Off: Take the time you need to perform at your best; we believe in the importance of recharging and resetting.

• 18 Weeks Paid Parental Leave: We offer 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the flexibility to use it all at once or spread it throughout your child's first year.
