Principal Product Security Researcher

🕒 June 1

Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of Chainguard

Chainguard

51 - 200 employees

Founded 2021

🔐 Security

☁️ SaaS

🔒 Cybersecurity

Security • SaaS • Cybersecurity

Chainguard is a company that specializes in building secure container images to enhance software security and compliance. Their products include low-to-zero CVE container images, which are updated daily to maintain security and compliance standards such as FedRAMP, NIST 800-53, PCI-DSS, SOC2, and CIS benchmarks. Chainguard focuses on reducing vulnerabilities, automating compliance, and supporting development workflows without compromising on innovation and productivity. The company serves a wide range of industries, including highly regulated sectors, by providing hardened image solutions to mitigate software supply chain risks and enhance application security.

📋 Description

• Design, build, and maintain secure CI/CD pipelines with security gates that catch issues before they reach production. • Systematically, consistently and automatically capture the risk exposure of Chainguards products. • Implement and enforce software supply chain security controls: signed artifacts, SBOMs, provenance attestation (SLSA, Sigstore / Cosign). • Proactively identify emerging customer security needs, and build solutions to meet these. • Lead security architecture reviews and threat models for Kubernetes-based workloads running on GCP and AWS. • Harden container images, Kubernetes cluster configurations, and cloud IAM postures – minimising attack surface across our product stack. • Define and drive adoption of baseline security standards: pod security standards, network policies, workload identity, secrets management. • Evaluate and operationalise CNAPP / CSPM tooling to maintain continuous visibility into cloud-native risk.

🎯 Requirements

• 7+ years in software engineering, security engineering, or a combined role with meaningful hands-on security responsibility throughout. • Strong proficiency in Go or Python, with the ability to write, review, and debug production-quality code. • Deep, hands-on experience with Kubernetes in production (cluster hardening, RBAC, network policies, admission controllers). • Practical expertise with GCP and/or AWS: IAM, workload identity, secrets management, security services (e.g., GCP Security Command Center, AWS Security Hub). • Proven track record designing and securing CI/CD pipelines (GitHub Actions, Cloud Build, Tekton, or similar). • Fluency with container security: image scanning, distroless/minimal base images, runtime security. • Experience with software supply chain security tooling and frameworks (Sigstore, SLSA, SBOM generation). • Solid understanding of OWASP, NIST, and cloud security frameworks and how to apply them pragmatically.

🏖️ Benefits

• Flexible & Remote-First Culture: Work remotely with team meetup opportunities, bi-annual destination summits, and a monthly stipend for coworking spaces, phone and internet costs. • Our Approach to Equity: Receive stock options upon hire and promotion. Plus, you can participate in secondary offerings and have 10 years to exercise your options (yes, you read that correctly: 10 years!). • 100% Covered Health Insurance: We cover 100% of your health, vision and dental insurance premiums for you and your dependents. Nothing comes out of your paycheck. • ∞ Flexible Time Off: Take the time you need – to do our best work, we need to recharge and reset. • 18 Weeks Paid Parental Leave: We offer 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the option to use it all at once or throughout your child's first year.

Apply Now

Similar Jobs

🕒 May 18

International SOS

10,000+ employees

⚕️ Healthcare Insurance

📋 Compliance

🔐 Security

Bilingual Security Director for International SOS driving revenue growth of health security subscription services in Canada. Supporting consulting, training, and managed services with trusted client relationships.

🗣️🇫🇷 French Required

🕒 May 8

Masabi

201 - 500

🚗 Transport

☁️ SaaS

Head of Security & Compliance at Masabi overseeing security and compliance for public transport systems globally. Leading initiatives to strengthen compliance and security practices.

🕒 April 22

Workleap

201 - 500

👥 HR Tech

☁️ SaaS

⚡ Productivity

Application Security Manager at Workleap embedding security in products and development workflows. You will write code, build tooling, and ensure secure software delivery.

🇨🇦 Canada – Remote

💵 $150k - $180k / year

💰 Private Equity Round on 2023-06

⏰ Full Time

🟠 Senior

🔴 Lead

👮‍♂️ Cybersecurity / Security Engineer

🕒 March 31

Colliers

10,000+ employees

🏠 Real Estate

Global Security Architect at Colliers responsible for defining security solutions across global processes and technology. Leading cloud migrations and security strategies for GCP and Azure environments.