Senior Product Security Engineer

Company: Chainguard
Apply for the Senior Product Security Engineer
Location: London
Job Description:

Responsibilities

  • This is an individual-contributor Staff role. That means technical leadership, cross-team influence, and owning hard problems
  • Design, build, and maintain secure CI/CD pipelines with security gates that catch issues before they reach production
  • Systematically, consistently and automatically capture the risk exposure of Chainguards products
  • Implement and enforce software supply chain security controls: signed artifacts, SBOMs, provenance attestation (SLSA, Sigstore / Cosign)
  • Proactively identify emerging customer security needs, and build solutions to meet these
  • Lead security architecture reviews and threat models for Kubernetes-based workloads running on GCP and AWS
  • Harden container images, Kubernetes cluster configurations, and cloud IAM postures — minimising attack surface across our product stack
  • Define and drive adoption of baseline security standards: pod security standards, network policies, workload identity, secrets management
  • Evaluate and operationalize CNAPP / CSPM tooling to maintain continuous visibility into cloud-native risk

Qualifications

  • Strong proficiency in Go or Python, with the ability to write, review, and debug production-quality code
  • Experience with software supply chain security tooling and frameworks (Sigstore, SLSA, SBOM generation)
  • Fluency with container security: image scanning, distroless/minimal base images, runtime security
  • Proven track record designing and securing CI/CD pipelines (GitHub Actions, Cloud Build, Tekton, or similar)
  • 7+ years in software engineering, security engineering, or a combined role with meaningful hands‑on security responsibility throughout
  • Deep, hands‑on experience with Kubernetes in production (cluster hardening, RBAC, network policies, admission controllers)
  • Practical expertise with GCP and/or AWS: IAM, workload identity, secrets management, security services (e.g., GCP Security Command Center, AWS Security Hub)
  • Solid understanding of OWASP, NIST, and cloud security frameworks and how to apply them pragmatically
  • Familiarity with Chainguard Images or other minimal/hardened container base image ecosystems
  • Experience with policy-as-code tools (OPA, Kyverno, Conftest)
  • Contributions to open source security projects
  • Background in security research or offensive security (bug bounty, CTF, penetration testing)

Benefits

  • Equity/stock options
  • Unlimited PTO
  • Remote work with flexible coworking and team meetup opportunities
  • Home office and internet stipend
  • 100% health/dental/vision insurance coverage for you and your family

#J-18808-Ljbffr…

Posted: June 27th, 2026