RemoteLeaf Logo
Log in Sign up

Staff Product Security Engineer

3 weeks, 4 days ago
Canada
Full-time
Lead
Application Security Engineer
Cybersecurity
AWS CI/CD GCP GitHub Actions Go Kubernetes OWASP Penetration Testing Python Secrets Management Tekton
Apply Now
Chainguard

Chainguard

Chainguard: Fortified Software Delivery Security for developers and CISOs, ensuring secure by default infrastructure and zero workflow friction.

Internet Software & Services
51-250
Founded 2021
$55M raised
View All Jobs 54

Description

  • Design, build, and maintain secure CI/CD pipelines with security gates that catch issues before production.
  • Systematically capture and assess the risk exposure of Chainguard’s products.
  • Implement and enforce software supply chain security controls, including signed artifacts, SBOMs, and provenance attestation.
  • Identify emerging customer security needs and build solutions to address them.
  • Lead security architecture reviews and threat models for Kubernetes-based workloads on GCP and AWS.
  • Harden container images, Kubernetes cluster configurations, and cloud IAM postures to reduce attack surface.
  • Define and drive adoption of baseline security standards such as pod security standards, network policies, workload identity, and secrets management.
  • Evaluate and operationalize CNAPP/CSPM tooling to maintain continuous visibility into cloud-native risk.
  • Provide technical leadership and cross-team influence as an individual-contributor Staff-level engineer.

Requirements

  • 7+ years of experience in software engineering, security engineering, or a combined role with significant hands-on security responsibility.
  • Strong proficiency in Go or Python and the ability to write, review, and debug production-quality code.
  • Deep hands-on experience with Kubernetes in production, including cluster hardening, RBAC, network policies, and admission controllers.
  • Practical experience with GCP and/or AWS, including IAM, workload identity, secrets management, and security services such as GCP Security Command Center or AWS Security Hub.
  • Proven experience designing and securing CI/CD pipelines using tools such as GitHub Actions, Cloud Build, Tekton, or similar.
  • Strong knowledge of container security, including image scanning, distroless or minimal base images, and runtime security.
  • Experience with software supply chain security tooling and frameworks such as Sigstore, SLSA, and SBOM generation.
  • Solid understanding of OWASP, NIST, and cloud security frameworks and how to apply them pragmatically.
  • Familiarity with Chainguard Images or other minimal/hardened container base image ecosystems is preferred.
  • Experience with policy-as-code tools such as OPA, Kyverno, or Conftest is preferred.
  • Contributions to open source security projects are preferred.
  • Background in security research or offensive security, such as bug bounty, CTFs, or penetration testing, is preferred.

Benefits

  • Flexible remote-first work environment with team meetup opportunities and bi-annual destination summits.
  • Monthly stipend for coworking spaces, phone, and internet costs.
  • Stock options upon hire and promotion, with eligibility for secondary offerings and a 10-year exercise window.
  • 100% covered health, vision, and dental insurance for employees and dependents.
  • Unlimited flexible time off.
  • 18 weeks of paid parental leave for birthing parents and 12 weeks for non-birthing parents.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

GuidePoint Security

Senior Application Security Engineer - Mid-Atlantic region (Remote in VA, MD, PA, NC, DE, NJ, or DC)

GuidePoint Security 251-1K Internet Software & Services

GuidePoint Security is hiring a Security Engineering professional to implement and operationalize application security tooling and practices across software development and CI/CD environments for a broad range of customer-facing security engagements.

United States Full-time Senior Application Security Engineer
Azure Burp Suite CI/CD CircleCI GitHub Actions Jenkins
3 hours, 33 minutes ago
GuidePoint Security

Application Security Engineer (Remote in the U.S.)

GuidePoint Security 251-1K Internet Software & Services

GuidePoint Security is hiring an Application Security professional to run and operationalize security testing tools across client development environments and help teams identify and remediate web application risks.

United States Full-time Mid Level Application Security Engineer
Azure Bamboo C# C++ CI/CD GitHub Java JavaScript Jenkins PHP Python
10 hours, 39 minutes ago
ShopBack

Product Security Engineer

ShopBack 1K-5K IT Services

ShopBack is hiring a Product Security Engineer to help secure its cloud-native, microservices, web, and mobile products across the software development lifecycle as the company scales its shopping, rewards, and payments platform.

India Full-time Mid Level Application Security Engineer
Go LLM Microservices Node.js Python TypeScript
1 day, 2 hours ago
Alphasense

Senior Application Security Engineer

Alphasense 51-250 Industrial Conglomerates

AlphaSense is hiring a Senior AI Application Security Engineer to lead hands-on application security for AI-native and agentic features in a fast-moving SaaS engineering environment.

United States Full-time Senior Application Security Engineer
$157k-$216k
AWS Burp Suite CI/CD Docker GitHub GitHub Actions Go Helm Java JavaScript Kotlin Kubernetes Penetration Testing Python Terraform TypeScript
1 day, 16 hours ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers