
Staff Product Security Engineer
Posted 1 day ago

This is a fully remote position, open to applicants in the United States.
Develop and Secure CI/CD Pipelines
• Create, build, and sustain secure CI/CD pipelines with security checkpoints to identify issues prior to production deployment.
• Systematically, consistently, and automatically assess the risk exposure of Chainguard's products.
• Implement and uphold software supply chain security measures: signed artifacts, SBOMs, and provenance attestation (SLSA, Sigstore / Cosign).
• Proactively recognize emerging security requirements from customers and devise solutions to fulfill them.
Cloud-Native Product Fortification
• Oversee security architecture evaluations and threat modeling for Kubernetes workloads deployed on GCP and AWS.
• Strengthen container images, Kubernetes cluster settings, and cloud IAM configurations — minimizing the attack surface across our product suite.
• Establish and promote baseline security protocols: pod security standards, network policies, workload identity, and secrets management.
• Assess and operationalize CNAPP / CSPM tools to ensure continuous visibility into cloud-native security risks.
• Over 7 years of experience in software engineering, security engineering, or a combined role with substantial hands-on security responsibilities.
• Strong expertise in Go or Python, with the capability to write, review, and debug production-grade code.
• Extensive hands-on experience with Kubernetes in production environments (including cluster hardening, RBAC, network policies, admission controllers).
• Practical knowledge of GCP and/or AWS: IAM, workload identity, secrets management, and security services (e.g., GCP Security Command Center, AWS Security Hub).
• Demonstrated success in designing and securing CI/CD pipelines (GitHub Actions, Cloud Build, Tekton, or equivalent).
• Proficient in container security practices: image scanning, distroless/minimal base images, and runtime security.
• Experience with software supply chain security tools and frameworks (Sigstore, SLSA, SBOM generation).
• Strong understanding of OWASP, NIST, and cloud security frameworks, and how to apply them effectively.
• Flexible & Remote-First Culture: Work remotely with opportunities for team meetups, bi-annual destination summits, and a monthly stipend for coworking spaces, phone, and internet expenses.
• Our Approach to Equity: Receive stock options upon hiring and promotion. Additionally, you can participate in secondary offerings and have 10 years to exercise your options (yes, you read that right: 10 years!).
• 100% Covered Health Insurance: We fully cover your health, vision, and dental insurance premiums for you and your dependents, with no deductions from your paycheck.
• ∞ Flexible Time Off: Take the time you need – to perform at your best, we encourage you to recharge and reset.
• 18 Weeks Paid Parental Leave: We provide 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the flexibility to use it all at once or spread it throughout your child's first year.