[Remote] Staff Product Security Engineer

Remote Full-time
Note: The job is a remote job and is open to candidates in the USA.

Chainguard is the trusted source for open source, delivering hardened, secure, and production-ready builds of open source software. The Staff Product Security Engineer will design and maintain secure CI/CD pipelines, lead security architecture reviews, and define security standards to minimize risk across Chainguard's product stack.

Responsibilities
- Design, build, and maintain secure CI/CD pipelines with security gates that catch issues before they reach production
- Systematically, consistently and automatically capture the risk exposure of Chainguard's products
- Implement and enforce software supply chain security controls: signed artifacts, SBOMs, provenance attestation (SLSA, Sigstore / Cosign)
- Proactively identify emerging customer security needs, and build solutions to meet these
- Lead security architecture reviews and threat models for Kubernetes-based workloads running on GCP and AWS
- Harden container images, Kubernetes cluster configurations, and cloud IAM postures, minimising attack surface across our product stack
- Define and drive adoption of baseline security standards: pod security standards, network policies, workload identity, secrets management
- Evaluate and operationalise CNAPP / CSPM tooling to maintain continuous visibility into cloud-native risk

Skills
- 7+ years in software engineering, security engineering, or a combined role with meaningful hands-on security responsibility throughout
- Strong proficiency in Go or Python, with the ability to write, review, and debug production-quality code
- Deep, hands-on experience with Kubernetes in production (cluster hardening, RBAC, network policies, admission controllers)
- Practical expertise with GCP and/or AWS: IAM, workload identity, secrets management, security services (e.g., GCP Security Command Center, AWS Security Hub)
- Proven track record designing and securing CI/CD pipelines (GitHub Actions, Cloud Build, Tekton, or similar)
- Fluency with container security: image scanning, distroless/minimal base images, runtime security
- Experience with software supply chain security tooling and frameworks (Sigstore, SLSA, SBOM generation)
- Solid understanding of OWASP, NIST, and cloud security frameworks and how to apply them pragmatically
- Familiarity with Chainguard Images or other minimal/hardened container base image ecosystems
- Experience with policy-as-code tools (OPA, Kyverno, Conftest)
- Contributions to open source security projects
- Background in security research or offensive security (bug bounty, CTF, penetration testing)

Benefits
- Flexible & Remote-First Culture: Work remotely with team meetup opportunities, bi-annual destination summits, and a monthly stipend for coworking spaces, phone and internet costs.
- Our Approach to Equity: Receive stock options upon hire and promotion. Plus, you can participate in secondary offerings and have 10 years to exercise your options (yes, you read that correctly: 10 years!).
- 100% Covered Health Insurance: We cover 100% of your health, vision and dental insurance premiums for you and your dependents. Nothing comes out of your paycheck.
- ∞ Flexible Time Off: Take the time you need – to do our best work, we need to recharge and reset.
- 18 Weeks Paid Parental Leave: We offer 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the option to use it all at once or throughout your child's first year.

Company Overview
Chainguard is a cloud-native development platform that provides low-to-zero CVE container images for building and running applications. It was founded in 2021, and is headquartered in Kirkland, Washington, USA, with a workforce of 201-500 employees. Its website is https://www.chainguard.dev.

Company H1B Sponsorship
Chainguard has a track record of offering H1B sponsorships, with 1 in 2026, 1 in 2024, 2 in 2023. Please note that this does not guarantee sponsorship for this specific role.
