Chainguard

Chainguard: Fortified Software Delivery Security for developers and CISOs, ensuring secure-by-default infrastructure and zero workflow friction.

Internet Software & Services
51-250
Founded 2021
$55M raised

Description

  • Design, build, and maintain secure CI/CD pipelines with security gates that catch issues before production.
  • Systematically capture and monitor the risk exposure of Chainguard’s products.
  • Implement and enforce software supply chain security controls such as signed artifacts, SBOMs, and provenance attestation.
  • Identify emerging customer security needs and build solutions to address them.
  • Lead security architecture reviews and threat models for Kubernetes-based workloads running on GCP and AWS.
  • Harden container images, Kubernetes cluster configurations, and cloud IAM postures to reduce attack surface.
  • Define and drive adoption of baseline security standards such as pod security standards, network policies, workload identity, and secrets management.
  • Evaluate and operationalize CNAPP/CSPM tooling to maintain continuous visibility into cloud-native risk.

Requirements

  • 5+ years of experience in software engineering, security engineering, or a combined role with significant hands-on security responsibility.
  • Strong proficiency in Go or Python, including the ability to write, review, and debug production-quality code.
  • Deep hands-on experience with Kubernetes in production, including cluster hardening, RBAC, network policies, and admission controllers.
  • Practical expertise with GCP and/or AWS, including IAM, workload identity, secrets management, and security services such as GCP Security Command Center or AWS Security Hub.
  • Proven experience designing and securing CI/CD pipelines using tools such as GitHub Actions, Cloud Build, Tekton, or similar.
  • Fluency with container security, including image scanning, distroless or minimal base images, and runtime security.
  • Experience with software supply chain security tools and frameworks such as Sigstore, SLSA, and SBOM generation.
  • Solid understanding of OWASP, NIST, and cloud security frameworks and how to apply them pragmatically.
  • Familiarity with Chainguard Images or other minimal/hardened container base image ecosystems is preferred.
  • Experience with policy-as-code tools such as OPA, Kyverno, or Conftest is preferred.
  • Contributions to open source security projects are preferred.
  • Background in security research or offensive security, such as bug bounty, CTFs, or penetration testing, is preferred.

Benefits

  • Flexible remote-first culture with team meetup opportunities and bi-annual destination summits.
  • Monthly stipend for coworking spaces, phone, and internet costs.
  • Stock options upon hire and promotion, with eligibility for secondary offerings and 10 years to exercise options.
  • 100% covered health, vision, and dental insurance premiums for employees and dependents.
  • Unlimited flexible time off.
  • 18 weeks of paid parental leave for birthing parents and 12 weeks for non-birthing parents.
