
Staff Product Security Engineer
Posted 12 hours ago

This is a fully remote position, open to applicants in Canada.
Develop and Strengthen Secure Pipelines
• Design, construct, and oversee secure CI/CD pipelines that include security gates to detect issues prior to production deployment.
• Consistently and automatically assess the risk exposure of Chainguard's products.
• Implement and uphold software supply chain security measures: signed artifacts, SBOMs, provenance attestation (SLSA, Sigstore / Cosign).
• Anticipate emerging security needs of customers and create solutions to address them.
Cloud-Native Product Fortification
• Lead security architecture evaluations and threat modeling for Kubernetes-based workloads on GCP and AWS.
• Fortify container images, Kubernetes cluster configurations, and cloud IAM settings to minimize the attack surface across our product suite.
• Establish and promote the adoption of baseline security standards: pod security standards, network policies, workload identity, and secrets management.
• Assess and implement CNAPP / CSPM tools to ensure ongoing visibility into cloud-native risks.
• Over 7 years of experience in software engineering, security engineering, or a combined role with significant hands-on security responsibilities.
• Strong expertise in Go or Python, capable of writing, reviewing, and debugging production-quality code.
• Extensive, hands-on experience with Kubernetes in a production environment (including cluster hardening, RBAC, network policies, and admission controllers).
• Practical knowledge of GCP and/or AWS: IAM, workload identity, secrets management, and security services (e.g., GCP Security Command Center, AWS Security Hub).
• Proven history of designing and securing CI/CD pipelines (GitHub Actions, Cloud Build, Tekton, or similar technologies).
• Proficient in container security: image scanning, distroless/minimal base images, and runtime security.
• Experience with software supply chain security tools and frameworks (Sigstore, SLSA, SBOM generation).
• Solid understanding of OWASP, NIST, and cloud security frameworks and their practical applications.
• Flexible & Remote-First Culture: Enjoy the opportunity to work remotely with team meetups, bi-annual destination summits, and a monthly allowance for coworking spaces, phone, and internet expenses.
• Our Approach to Equity: Receive stock options upon hiring and promotions. Additionally, you can participate in secondary offerings and have 10 years to exercise your options (yes, you read that correctly: 10 years!).
• 100% Covered Health Insurance: We cover the entire cost of your health, vision, and dental insurance premiums for you and your dependents. Nothing will be deducted from your paycheck.
• ∞ Flexible Time Off: Take the necessary time off – to perform at our best, it’s essential to recharge and reset.
• 18 Weeks Paid Parental Leave: We provide 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the flexibility to use it all at once or spread out throughout your child's first year.