Staff Product Security Engineer

🕒 1 month ago

🇺🇸 United States – Remote

💵 $17 000 - $231 000 / year

⏰ Full Time

🔴 Expert

👮‍♂️ Cybersecurity / Security Engineer

🦅 H1B Visa Sponsor


🗣️🇺🇸🇬🇧 English required


Chainguard

51 - 200 employees

Founded in 2021

🔐 Security

☁️ SaaS

🔒 Cybersecurity


Chainguard is a company specializing in building secure container images to strengthen software security and compliance. Its products include low-to-zero-CVE container images, updated daily to meet security and compliance frameworks such as FedRAMP, NIST 800-53, PCI-DSS, SOC 2 and the CIS Benchmarks. Chainguard focuses on reducing vulnerabilities, automating compliance and supporting development workflows without compromising innovation or productivity. The company serves a wide range of industries, including highly regulated sectors, by providing hardened images that mitigate software supply chain risks and strengthen application security.

Description

Build & Harden Secure Pipelines

• Design, build, and maintain secure CI/CD pipelines with security gates that catch issues before they reach production.
• Systematically, consistently and automatically capture the risk exposure of Chainguard's products.
• Implement and enforce software supply chain security controls: signed artifacts, SBOMs, provenance attestation (SLSA, Sigstore / Cosign).
• Proactively identify emerging customer security needs, and build solutions to meet these.

Cloud-Native Product Hardening

• Lead security architecture reviews and threat models for Kubernetes-based workloads running on GCP and AWS.
• Harden container images, Kubernetes cluster configurations, and cloud IAM postures — minimising attack surface across our product stack.
• Define and drive adoption of baseline security standards: pod security standards, network policies, workload identity, secrets management.
• Evaluate and operationalise CNAPP / CSPM tooling to maintain continuous visibility into cloud-native risk.

🎯 Requirements

• 7+ years in software engineering, security engineering, or a combined role with meaningful hands-on security responsibility throughout.
• Strong proficiency in Go or Python, with the ability to write, review, and debug production-quality code.
• Deep, hands-on experience with Kubernetes in production (cluster hardening, RBAC, network policies, admission controllers).
• Practical expertise with GCP and/or AWS: IAM, workload identity, secrets management, security services (e.g., GCP Security Command Center, AWS Security Hub).
• Proven track record designing and securing CI/CD pipelines (GitHub Actions, Cloud Build, Tekton, or similar).
• Fluency with container security: image scanning, distroless/minimal base images, runtime security.
• Experience with software supply chain security tooling and frameworks (Sigstore, SLSA, SBOM generation).
• Solid understanding of OWASP, NIST, and cloud security frameworks and how to apply them pragmatically.

🏖️ Benefits

• Flexible & Remote-First Culture: Work remotely with team meetup opportunities, bi-annual destination summits, and a monthly stipend for coworking spaces, phone and internet costs.
• Our Approach to Equity: Receive stock options upon hire and promotion. Plus, you can participate in secondary offerings and have 10 years to exercise your options (yes, you read that correctly: 10 years!).
• 100% Covered Health Insurance: We cover 100% of your health, vision and dental insurance premiums for you and your dependents. Nothing comes out of your paycheck.
• ∞ Flexible Time Off: Take the time you need – to do our best work, we need to recharge and reset.
• 18 Weeks Paid Parental Leave: We offer 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the option to use it all at once or throughout your child's first year.
