Chainguard

Technology

Principal Product Security Researcher

$225–350k ~AI est. United States Remote Friendly

The Brief

“Principal Product Security Researcher at Chainguard. Skills: Product Security, CI/CD Security, Cloud Security, Supply Chain Security. Build secure CI/CD pipelines. Harden secure CI/CD pipelines”

Industry & Context.

Technology
Problems you'll solve

Owning hard problems

What They're Looking For.

Must Have

  • 7+ years in software engineering
  • 7+ years in security engineering
  • Proficiency in Go or Python
  • Ability to write production-quality code
  • Ability to debug production-quality code
  • Deep, hands-on experience with Kubernetes in production
  • Practical expertise with GCP or AWS
  • Proven track record designing CI/CD pipelines
  • Proven track record securing CI/CD pipelines
  • Fluency with container security
  • Experience with software supply chain security tooling
  • Experience with software supply chain security frameworks
  • Solid understanding of OWASP
  • Solid understanding of NIST
  • Solid understanding of cloud security frameworks

Nice to Have

  • Familiarity with Chainguard Images
  • Familiarity with minimal container base images
  • Familiarity with hardened container base images
  • Experience with policy-as-code tools
  • Contributions to open source security projects
  • Background in security research
  • Background in offensive security

What You'll Do.

Build secure CI/CD pipelines

Harden secure CI/CD pipelines

Design secure CI/CD pipelines

Maintain secure CI/CD pipelines

Catch issues before production

Capture risk exposure

Automate risk exposure capture

Implement software supply chain controls

Enforce software supply chain controls

Provide provenance attestation

Identify customer security needs

Build solutions for security needs

Lead security architecture reviews

Harden container images

Harden Kubernetes cluster configurations

Minimize attack surface

Define baseline security standards

Drive adoption of security standards

Evaluate CNAPP tooling

Operationalise CNAPP tooling

Maintain cloud-native risk visibility

Evaluate CSPM tooling

Operationalise CSPM tooling

How You'll Work.

Team & Collaboration

Cross-team influence

Full Job Description

Chainguard is the trusted source for open source. By delivering hardened, secure, and production-ready builds of all the open source software engineers and AI agents rely on, Chainguard helps organizations build faster, stay compliant, and eliminate risk. Our customers include Fortune 500 enterprises and global industry leaders, including Anduril, Canva, Fortinet, Hewlett Packard Enterprise, OpenAI, Snap Inc., and Snowflake. Chainguard is venture-backed by leading investors, including Amplify, IVP, Kleiner Perkins, Lightspeed Venture Partners, Mantis VC, Redpoint Ventures, Sequoia Capital, and Spark Capital.

Staff Product Security Engineer

The role in a nutshell: You are a deeply technical engineer who gets restless when pipelines aren't locked down. You care about shipping secure software! At Chainguard, you won't be a gate at the end of the process; you'll be embedded in it. This is an individual-contributor Staff role. That means technical leadership, cross-team influence, and owning hard problems.

What you'll do:

Build & Harden Secure Pipelines

Design, build, and maintain secure CI/CD pipelines with security gates that catch issues before they reach production. Systematically, consistently and automatically capture the risk exposure of Chainguard's products. Implement and enforce software supply chain security controls: signed artifacts, SBOMs, provenance attestation (SLSA, Sigstore / Cosign). Proactively identify emerging customer security needs, and build solutions to meet these.

Cloud-Native Product Hardening

Lead security architecture reviews and threat models for Kubernetes-based workloads running on GCP and AWS. Harden container images, Kubernetes cluster configurations, and cloud IAM postures — minimising attack surface across our product stack. Define and drive adoption of baseline security standards: pod security standards, network policies, workload identity, secrets management. Evaluate and operationalise CNAPP / CSPM tooling to maintain continuous vis
