Senior Product Security Engineer

This is a fully remote position, open to applicants in United States.

📋 Description

• Develop, construct, and sustain secure CI/CD pipelines equipped with security gates that detect issues prior to production deployment.

• Systematically and consistently capture the risk exposure of Chainguards products through automated processes.

• Implement and uphold software supply chain security measures: signed artifacts, SBOMs, and provenance attestation (SLSA, Sigstore / Cosign).

• Anticipate and identify emerging security requirements from customers, creating solutions to address these needs.

• Conduct security architecture evaluations and threat modeling for Kubernetes-based workloads operating on GCP and AWS.

• Fortify container images, Kubernetes cluster configurations, and cloud IAM postures, thereby minimizing the attack surface across our product stack.

• Establish and promote the adoption of fundamental security standards: pod security standards, network policies, workload identity, and secrets management.

• Assess and operationalize CNAPP / CSPM tools to ensure continuous visibility into cloud-native risks.

⛳️ Requirements

• Over 5 years of experience in software engineering, security engineering, or a combined role with significant hands-on security responsibilities.

• Strong expertise in Go or Python, with the capability to write, review, and debug production-quality code.

• Extensive, hands-on experience with Kubernetes in production environments (including cluster hardening, RBAC, network policies, and admission controllers).

• Practical knowledge of GCP and/or AWS, including IAM, workload identity, secrets management, and security services (e.g., GCP Security Command Center, AWS Security Hub).

• Demonstrated experience in designing and securing CI/CD pipelines (using GitHub Actions, Cloud Build, Tekton, or similar tools).

• Proficiency in container security, including image scanning, distroless/minimal base images, and runtime security.

• Familiarity with software supply chain security tools and frameworks (such as Sigstore, SLSA, and SBOM generation).

• Strong understanding of OWASP, NIST, and cloud security frameworks, along with practical application knowledge.

🏝️ Benefits

• Flexible & Remote-First Culture: Work from home with opportunities for team meetups, bi-annual destination summits, and a monthly stipend for coworking spaces, phone, and internet expenses.

• Our Approach to Equity: Receive stock options upon hiring and promotion, with the ability to participate in secondary offerings and a 10-year period to exercise your options (yes, you read that right: 10 years!).

• 100% Covered Health Insurance: We fully cover your health, vision, and dental insurance premiums for you and your dependents, ensuring nothing is deducted from your paycheck.

• ∞ Flexible Time Off: Take the necessary time you need; to produce our best work, we must recharge and reset.

• 18 Weeks Paid Parental Leave: We offer 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the flexibility to use it all at once or spread it throughout your child's first year.