
Senior Product Security Engineer
Posted 22 hours ago

This is a fully remote position, open to applicants in United Kingdom.
• Design, develop, and sustain secure CI/CD pipelines that incorporate security checkpoints to intercept issues prior to production deployment.
• Methodically and consistently automate the process of capturing risk exposure for Chainguard's products.
• Establish and enforce security controls for the software supply chain, including signed artifacts, SBOMs, and provenance attestation (SLSA, Sigstore / Cosign).
• Anticipate emerging security requirements of customers and devise solutions to address them.
• Conduct security architecture reviews and threat modeling for Kubernetes-based workloads operating on GCP and AWS.
• Strengthen container images, Kubernetes cluster configurations, and cloud IAM settings to reduce the attack surface across our product ecosystem.
• Define and promote the adoption of baseline security standards, including pod security standards, network policies, workload identity, and secrets management.
• Assess and implement CNAPP / CSPM tools to ensure continuous visibility into cloud-native risks.

• A minimum of 7 years in software engineering, security engineering, or a hybrid role with significant hands-on security responsibilities.
• Strong expertise in Go or Python, capable of writing, reviewing, and debugging production-level code.
• Extensive, hands-on experience with Kubernetes in production environments, including cluster hardening, RBAC, network policies, and admission controllers.
• Practical knowledge of GCP and/or AWS, encompassing IAM, workload identity, secrets management, and security services (e.g., GCP Security Command Center, AWS Security Hub).
• A proven history of designing and securing CI/CD pipelines (GitHub Actions, Cloud Build, Tekton, or similar tools).
• Proficiency in container security, including image scanning, minimal base images, and runtime security.
• Familiarity with software supply chain security tools and frameworks (Sigstore, SLSA, SBOM generation).
• A solid grasp of OWASP, NIST, and cloud security frameworks, along with the ability to apply them effectively in practice.

• Flexible & Remote-First Culture: Work remotely with opportunities for team meetups, bi-annual destination summits, and a monthly stipend for coworking space, phone, and internet expenses.
• Our Approach to Equity: Receive stock options upon hiring and promotion. Additionally, you can engage in secondary offerings and have 10 years to exercise your options (yes, you read that correctly: 10 years!).
• 100% Covered Health Insurance: We pay 100% of your health, vision, and dental insurance premiums for you and your dependents, with no deductions from your paycheck.
• ∞ Flexible Time Off: Take the time you need — to perform at your best, it's essential to recharge and reset.
• 18 Weeks Paid Parental Leave: We provide 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the flexibility to use it all at once or spread it throughout your child's first year.