Chainguard

Chainguard: Fortified Software Delivery Security for developers and CISOs, ensuring secure-by-default infrastructure and zero workflow friction.

Internet Software & Services
51-250
Founded 2021
$55M raised

Description

  • Design, build, and maintain secure CI/CD pipelines with security gates that catch issues before production.
  • Systematically capture the risk exposure of Chainguard's products through automated security controls and monitoring.
  • Implement and enforce software supply chain security controls, including signed artifacts, SBOMs, and provenance attestation.
  • Proactively identify emerging customer security needs and build solutions to address them.
  • Lead security architecture reviews and threat models for Kubernetes-based workloads running on GCP and AWS.
  • Harden container images, Kubernetes cluster configurations, and cloud IAM postures to reduce attack surface.
  • Define and drive adoption of baseline security standards such as pod security standards, network policies, workload identity, and secrets management.
  • Evaluate and operationalize CNAPP/CSPM tooling to maintain continuous visibility into cloud-native risk.

Requirements

  • 5+ years of experience in software engineering, security engineering, or a combined role with meaningful hands-on security responsibility.
  • Strong proficiency in Go or Python, with the ability to write, review, and debug production-quality code.
  • Deep, hands-on production experience with Kubernetes, including cluster hardening, RBAC, network policies, and admission controllers.
  • Practical experience with GCP and/or AWS, including IAM, workload identity, secrets management, and security services such as GCP Security Command Center or AWS Security Hub.
  • Proven experience designing and securing CI/CD pipelines using GitHub Actions, Cloud Build, Tekton, or similar tools.
  • Experience with container security, including image scanning, distroless or minimal base images, and runtime security.
  • Experience with software supply chain security tooling and frameworks such as Sigstore, SLSA, and SBOM generation.
  • Solid understanding of OWASP, NIST, and cloud security frameworks and how to apply them pragmatically.
  • Familiarity with Chainguard Images or other minimal/hardened container base image ecosystems, preferred.
  • Experience with policy-as-code tools such as OPA, Kyverno, or Conftest, preferred.
  • Contributions to open source security projects, preferred.
  • Background in security research or offensive security, such as bug bounty, CTFs, or penetration testing, preferred.

Benefits

  • Flexible remote-first culture with team meetup opportunities, bi-annual destination summits, and a monthly stipend for coworking, phone, and internet costs.
  • Stock options upon hire and promotion, plus participation in secondary offerings and 10 years to exercise options.
  • 100% covered health, vision, and dental insurance premiums for employees and dependents.
  • Unlimited flexible time off to recharge and reset.
  • 18 weeks of paid parental leave for birthing parents and 12 weeks for non-birthing parents, usable all at once or throughout the child's first year.
