
Senior Product Security Engineer
Posted 1 day ago

This is a fully remote position, open to applicants in Canada.
• Design, develop, and uphold secure CI/CD pipelines that include security gates to detect issues prior to their deployment in production.
• Methodically, consistently, and automatically assess the risk exposure associated with Chainguard's products.
• Implement and enforce security protocols for the software supply chain, including signed artifacts, SBOMs, and provenance attestation (SLSA, Sigstore / Cosign).
• Actively recognize emerging security requirements from customers and create solutions to address them.
• Oversee security architecture evaluations and threat modeling for Kubernetes workloads operating on GCP and AWS.
• Strengthen container images, Kubernetes cluster settings, and cloud IAM configurations to reduce the attack surface across our product ecosystem.
• Establish and promote the adoption of foundational security standards, including pod security standards, network policies, workload identity, and secrets management.
• Assess and implement CNAPP / CSPM tools to ensure continuous visibility into cloud-native risks.
• A minimum of 5 years of experience in software engineering, security engineering, or a combined role with significant hands-on security responsibilities.
• Proficient in Go or Python, capable of writing, reviewing, and debugging production-quality code.
• Extensive, hands-on experience with Kubernetes in production environments, including cluster hardening, RBAC, network policies, and admission controllers.
• Practical knowledge of GCP and/or AWS, including IAM, workload identity, secrets management, and security services (e.g., GCP Security Command Center, AWS Security Hub).
• Demonstrated success in designing and securing CI/CD pipelines (GitHub Actions, Cloud Build, Tekton, or similar).
• In-depth understanding of container security practices, including image scanning, distroless/minimal base images, and runtime security.
• Familiarity with software supply chain security tools and frameworks (Sigstore, SLSA, SBOM generation).
• Strong grasp of OWASP, NIST, and cloud security frameworks and their practical application.
• Flexible & Remote-First Culture: Enjoy the ability to work remotely with opportunities for team meetups, bi-annual destination summits, and a monthly stipend for coworking spaces as well as phone and internet expenses.
• Our Approach to Equity: Upon hiring and promotion, you will receive stock options. Additionally, you can take part in secondary offerings and have 10 years to exercise your options (yes, you read that right: 10 years!).
• 100% Covered Health Insurance: We fully cover your health, vision, and dental insurance premiums for both you and your dependents, with no deductions from your paycheck.
• ∞ Flexible Time Off: Take the time you need; to perform at our best, we must recharge and reset.
• 18 Weeks Paid Parental Leave: We provide 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the flexibility to use the leave all at once or spread it throughout your child's first year.