# Senior Product Security Engineer

**Company:** [Chainguard](https://hotfix.jobs/companies/chainguard)
**Location:** Remote
**Role:** Security Engineering
**Salary:** $157k – $184k/yr
**Experience:** 5+ years
**Skills:** Go, Python, Kubernetes, GCP, AWS, IAM, CI/CD, GitHub Actions, Cloud Build, Tekton, Container Security, Sigstore, Slsa, Sbom, Owasp
**Posted:** 2026-06-12

> Senior security engineer embedded in product development to build secure CI/CD pipelines, enforce supply chain controls, and harden Kubernetes workloads on GCP/AWS. Requires 5+ years experience, strong Go/Python skills, and deep Kubernetes and cloud security expertise.

## Job Description

## What you’ll do

### Build & Harden Secure Pipelines
- Design, build, and maintain secure CI/CD pipelines with security gates that catch issues before they reach production.
- Systematically, consistently and automatically capture the risk exposure of Chainguard's products.
- Implement and enforce software supply chain security controls: signed artifacts, SBOMs, provenance attestation (SLSA, Sigstore / Cosign).
- Proactively identify emerging customer security needs, and build solutions to meet these.

### Cloud-Native Product Hardening
- Lead security architecture reviews and threat models for Kubernetes-based workloads running on GCP and AWS.
- Harden container images, Kubernetes cluster configurations, and cloud IAM postures — minimising attack surface across our product stack.
- Define and drive adoption of baseline security standards: pod security standards, network policies, workload identity, secrets management.
- Evaluate and operationalise CNAPP / CSPM tooling to maintain continuous visibility into cloud-native risk.

## What we're looking for

### Required
- 5+ years in software engineering, security engineering, or a combined role with meaningful hands-on security responsibility throughout.
- Strong proficiency in Go or Python, with the ability to write, review, and debug production-quality code.
- Deep, hands-on experience with Kubernetes in production (cluster hardening, RBAC, network policies, admission controllers).
- Practical expertise with GCP and/or AWS: IAM, workload identity, secrets management, security services (e.g., GCP Security Command Center, AWS Security Hub).
- Proven track record designing and securing CI/CD pipelines (GitHub Actions, Cloud Build, Tekton, or similar).
- Fluency with container security: image scanning, distroless/minimal base images, runtime security.
- Experience with software supply chain security tooling and frameworks (Sigstore, SLSA, SBOM generation).
- Solid understanding of OWASP, NIST, and cloud security frameworks and how to apply them pragmatically.

### Nice to Have
- Familiarity with Chainguard Images or other minimal/hardened container base image ecosystems.
- Experience with policy-as-code tools (OPA, Kyverno, Conftest).
- Contributions to open source security projects.
- Background in security research or offensive security (bug bounty, CTF, penetration testing).

## Compensation & Benefits
- Base Salary Range: $157,000—$184,000 USD
- Flexible & Remote-First Culture: Work remotely with team meetup opportunities, bi-annual destination summits, and a monthly stipend for coworking spaces, phone and internet costs.
- Our Approach to Equity: Receive stock options upon hire and promotion. Plus, you can participate in secondary offerings and have 10 years to exercise your options.
- 100% Covered Health Insurance: We cover 100% of your health, vision and dental insurance premiums for you and your dependents.
- ∞ Flexible Time Off: Take the time you need – to do our best work, we need to recharge and reset.
- 18 Weeks Paid Parental Leave: We offer 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the option to use it all at once or throughout your child's first year.

## Similar roles

- [Senior Security Engineer, Detection and Response](https://hotfix.jobs/jobs/48575dcb-3684-45e7-ab3d-2e42d8700dfc) - 1Password - Remote - $156k – $210k/yr
- [Sr. Security Software Engineer, Application Security](https://hotfix.jobs/jobs/4155c20d-f5a7-4997-bc4f-49079d855565) - Pinterest - Remote - $156k – $320k/yr
- [Sr. Application Security Engineer](https://hotfix.jobs/jobs/6d9e050f-cdd4-48ca-bd0e-6e39dbb77363) - Lumin Digital - Remote - $155k – $175k/yr
- [Senior Security Engineer, Infrastructure & Network Security](https://hotfix.jobs/jobs/4bc3d67a-e623-4dfb-8bfa-fe2c37c466de) - Metropolis - Los Angeles, CA - $160k – $215k/yr
- [Senior Software Engineer, Information Security](https://hotfix.jobs/jobs/cfb1c219-740b-4c2e-a88a-ee445503e8cf) - Commure - Mountain View, CA - $160k – $190k/yr

**Apply:** https://hotfix.jobs/jobs/016be3be-11ac-4f1d-97a6-9aa8cd6b48ca
**Canonical:** https://hotfix.jobs/jobs/016be3be-11ac-4f1d-97a6-9aa8cd6b48ca