SentinelOne
cybersecurity
Staff Supply Chain & Build-System Security Engineer
“Staff Supply Chain & Build-System Security Engineer at SentinelOne. Skills: Supply Chain Security, Build System Security, Software Security, GitHub Actions, OIDC, npm, PyPI, Maven Central, NuGet, SBOMs, SLSA, Sigstore, Malicious Package Triage, Static Reverse Engineering. Staff Supply Chain & Build-System Security Engineer. GitHub Actions, Pinning, OIDC, Trusted Publisher migration, Harden-Runner deployment, runner identity scoping”
What You'll Achieve.
give the advantage to those who secure our future; protect global enterprises, critical infrastructure, and the technologies shaping tomorrow; impact to be real, measurable, and global; reduce noise, simplify complexity, and empower security teams to focus on what truly matters; drive better, faster, smarter outcomes; help us build a safer future for humanity
Industry & Context.
problem-solvers; actively seek out new solutions; experiment thoughtfully; apply what they learn to drive better, faster, smarter outcomes; solve hard problems
What They're Looking For.
Must Have
7+ years in security with a concentration in software supply chain, build systems, or product security
Credible development background
Proven track record translating complex findings into technical and executive-level debriefs
Deep npm internals fluency: publish flow, registry mechanics, Trusted Publisher and OIDC for publishing
Working depth across PyPI, Maven Central, and NuGet
Hands-on dependency analysis and reachability-based prioritization across multiple languages
Working knowledge of SBOMs, build provenance, and artifact signing, including SLSA, in-toto, and Sigstore, and how to enforce them in a real pipeline
Experience hardening build environments: GitHub Actions, runner isolation, and locked-down secrets handling
Hands-on malicious-package triage and static reverse engineering of obfuscated JavaScript and Python
Client-side supply-chain investigation experience (Magecart-class, CDN compromise, browser-bundle dependency confusion)
Experience with AI-accelerated development / supply chain scanning methodologies
Nice to Have
AI is reshaping every function across our business, and we enable every team member, regardless of role or level, to build fluency in AI tools and concepts. Those who thrive here actively seek out new solutions, experiment thoughtfully, and apply what they learn to drive better, faster, smarter outcomes.
What You'll Do.
Staff Supply Chain & Build-System Security Engineer
Trusted Publisher migration
Harden-Runner deployment
runner identity scoping
Cover client-side supply chain risk in customer engagements
How You'll Work.
Communication Scope
Excellent written and verbal communication is essential; translating complex findings into technical and executive-level debriefs