
Senior Product Security Engineer
4w1 month agoChainguard
US · Full-time · $157,000 – $184,000
About this role
Chainguard is the trusted source for open source, delivering hardened, secure, and production-ready builds of open source software. As a Senior Product Security Engineer, you will be embedded in the development process, not a gate at the end of it.
You will design and maintain secure CI/CD pipelines with security gates that catch issues before they reach production. Your day-to-day involves implementing software supply chain security controls like signed artifacts, SBOMs, and provenance attestation using Sigstore and Cosign.
You will lead security architecture reviews and threat models for Kubernetes-based workloads running on GCP and AWS. You will harden container images, Kubernetes cluster configurations, and cloud IAM postures to minimize attack surface across the product stack.
This role offers the opportunity to proactively identify emerging customer security needs and build solutions to meet them. You will define and drive adoption of baseline security standards, including pod security standards, network policies, workload identity, and secrets management.
Requirements
- 5+ years in software engineering, security engineering, or a combined role with meaningful hands-on security responsibility.
- Strong proficiency in Go or Python, with the ability to write, review, and debug production-quality code.
- Deep, hands-on experience with Kubernetes in production (cluster hardening, RBAC, network policies, admission controllers).
- Practical expertise with GCP and/or AWS: IAM, workload identity, secrets management, security services (e.g., GCP Security Command Center, AWS Security Hub).
- Proven track record designing and securing CI/CD pipelines (GitHub Actions, Cloud Build, Tekton, or similar).
- Fluency with container security: image scanning, distroless/minimal base images, runtime security.
- Experience with software supply chain security tooling and frameworks (Sigstore, SLSA, SBOM generation).
- Solid understanding of OWASP, NIST, and cloud security frameworks and how to apply them pragmatically.
Responsibilities
- Design, build, and maintain secure CI/CD pipelines with security gates that catch issues before they reach production.
- Systematically, consistently, and automatically capture the risk exposure of Chainguard's products.
- Implement and enforce software supply chain security controls: signed artifacts, SBOMs, provenance attestation (SLSA, Sigstore / Cosign).
- Proactively identify emerging customer security needs and build solutions to meet them.
- Lead security architecture reviews and threat models for Kubernetes-based workloads running on GCP and AWS.
- Harden container images, Kubernetes cluster configurations, and cloud IAM postures — minimizing attack surface across the product stack.
- Define and drive adoption of baseline security standards: pod security standards, network policies, workload identity, secrets management.
- Evaluate and operationalize CNAPP / CSPM tooling to maintain continuous visibility into cloud-native risk.
Benefits
- Base salary range of $157,000+
- Work on cutting-edge open source security at a venture-backed company
- Opportunity to shape security standards for Fortune 500 enterprises and global industry leaders
Similar roles

Application Security Engineer
9w2 months agoPalantir Technologies
New York City, US · Full-time · $135,000 – $200,000

Senior Cloud Architect
4w1 month agoAmbu A/S
Ballerup, DK · Full-time · €110,000 – €140,000

Software Engineer
4w1 month agoCaptivation
US · Full-time · $130,000 – $270,000

Principal Application Security Architect
4w1 month agoLPL Financial
Charlotte, US · Full-time · $153,470 – $255,749