What you'll do:
- Design, build, and maintain secure CI/CD pipelines with automated gates that stop issues before they reach production, and systematically capture the product's risk exposure.
- Implement software supply chain security controls, including signed artifacts, SBOMs, and provenance attestation using tools like Sigstore and SLSA.
- Proactively identify emerging customer security needs and develop tailored solutions to address them.
Cloud-Native Product Hardening:
- Conduct security architecture reviews and threat models for Kubernetes workloads on GCP and AWS, focusing on risk mitigation.
- Harden container images, Kubernetes cluster configurations, and cloud IAM postures to reduce attack surfaces across the product stack.
- Define and promote baseline security standards for pod security, network policies, workload identity, and secrets management.
- Evaluate and operationalize CNAPP/CSPM tooling to maintain continuous visibility into cloud-native security risks.
What we're looking for:
- 7+ years in software or security engineering with hands-on security responsibility and proficiency in Go or Python for production code.
- Deep experience with Kubernetes in production, including cluster hardening, RBAC, network policies, and admission controllers.
- Practical expertise with GCP and/or AWS security services, IAM, workload identity, and secrets management.
- Proven track record in designing and securing CI/CD pipelines using tools like GitHub Actions or Cloud Build.
- Fluency in container security, software supply chain security frameworks, and applying OWASP or NIST standards pragmatically.