At a Glance
- Tasks: Design and secure CI/CD pipelines, ensuring software safety at every stage.
- Company: Join Chainguard, a leader in open source security for top global brands.
- Benefits: Enjoy remote work, unlimited time off, and 100% health insurance coverage.
- Other info: Flexible culture with team meetups and stock options for all employees.
- Why this job: Make a real impact on software security while working with cutting-edge technology.
- Qualifications: 7+ years in software or security engineering with strong coding skills in Go or Python.
The predicted salary is between 80000 - 100000 € per year.
Chainguard is the trusted source for open source. By delivering hardened, secure, and production-ready builds of all the open source software engineers and AI agents rely on, Chainguard helps organizations build faster, stay compliant, and eliminate risk. Our customers include Fortune 500 enterprises and global industry leaders, including Anduril, Canva, Fortinet, Hewlett Packard Enterprise, OpenAI, Snap Inc., and Snowflake.
The role in a nutshell:
You are a deeply technical engineer who gets restless when pipelines aren't locked down. You care about shipping secure software! At Chainguard, you won't be a gate at the end of the process; you'll be embedded in it. This is an individual-contributor Staff role. That means technical leadership, cross-team influence, and owning hard problems.
What you’ll do:
- Design, build, and maintain secure CI/CD pipelines with security gates that catch issues before they reach production.
- Systematically, consistently and automatically capture the risk exposure of Chainguard's products.
- Implement and enforce software supply chain security controls: signed artifacts, SBOMs, provenance attestation (SLSA, Sigstore / Cosign).
- Proactively identify emerging customer security needs, and build solutions to meet these.
- Lead security architecture reviews and threat models for Kubernetes-based workloads running on GCP and AWS.
- Harden container images, Kubernetes cluster configurations, and cloud IAM postures — minimising attack surface across our product stack.
- Define and drive adoption of baseline security standards: pod security standards, network policies, workload identity, secrets management.
- Evaluate and operationalise CNAPP / CSPM tooling to maintain continuous visibility into cloud-native risk.
What we’re looking for:
Required
- 7+ years in software engineering, security engineering, or a combined role with meaningful hands‑on security responsibility throughout.
- Strong proficiency in Go or Python, with the ability to write, review, and debug production-quality code.
- Deep, hands‑on experience with Kubernetes in production (cluster hardening, RBAC, network policies, admission controllers).
- Practical expertise with GCP and/or AWS: IAM, workload identity, secrets management, security services (e.g., GCP Security Command Center, AWS Security Hub).
- Proven track record designing and securing CI/CD pipelines (GitHub Actions, Cloud Build, Tekton, or similar).
- Fluency with container security: image scanning, distroless/minimal base images, runtime security.
- Experience with software supply chain security tooling and frameworks (Sigstore, SLSA, SBOM generation).
- Solid understanding of OWASP, NIST, and cloud security frameworks and how to apply them pragmatically.
Nice to Have
- Familiarity with Chainguard Images or other minimal/hardened container base image ecosystems.
- Experience with policy-as-code tools (OPA, Kyverno, Conftest).
- Contributions to open source security projects.
- Background in security research or offensive security (bug bounty, CTF, penetration testing).
Benefits
- Flexible & Remote-First Culture: Work remotely with team meetup opportunities, bi-annual destination summits, and a monthly stipend for coworking spaces, phone and internet costs.
- Our Approach to Equity: Receive stock options upon hire and promotion. Plus, you can participate in secondary offerings and have 10 years to exercise your options.
- 100% Covered Health Insurance: We cover 100% of your health, vision and dental insurance premiums for you and your dependents. Nothing comes out of your paycheck.
- Unlimited Flexible Time Off: Take the time you need – to do our best work, we need to recharge and reset.
- 18 Weeks Paid Parental Leave: We offer 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the option to use it all at once or throughout your child’s first year.
About Us
We live and breathe our company values:
- We are customer obsessed — We focus on delivering solutions to our customers that create value and make their lives better.
- We have a bias for intentional action — We prioritize, plan, try things, and fail fast.
- We don’t take ourselves too seriously (but we do serious work) — We are solving an important problem which takes focus, but we also like to enjoy the journey.
- We trust each other and assume good intentions — We’re transparent with decisions to empower team members to make well informed decisions.
Equal Opportunity
Chainguard is an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.
Staff Product Security Engineer New United Kingdom - Remote in London employer: Chainguard, Inc.
Chainguard is an exceptional employer that champions a flexible and remote-first culture, allowing you to work from anywhere while enjoying team meetups and generous stipends for coworking. With a strong commitment to employee well-being, we offer 100% covered health insurance, unlimited flexible time off, and substantial parental leave, all within a collaborative environment that values customer obsession and intentional action. Join us to not only advance your career in product security but also to be part of a team that prioritises growth, transparency, and enjoyment in the journey.
StudySmarter Expert Advice🤫
We think this is how you could land Staff Product Security Engineer New United Kingdom - Remote in London
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Prepare for those interviews! Research common questions for security roles and practice your answers. Make sure to highlight your experience with CI/CD pipelines and Kubernetes, as these are key areas for the role.
✨Tip Number 3
Show off your skills! If you’ve worked on any relevant projects, consider sharing them on GitHub or during interviews. Demonstrating your hands-on experience with Go or Python can really set you apart.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive about their job search!
We think you need these skills to ace Staff Product Security Engineer New United Kingdom - Remote in London
Some tips for your application 🫡
Show Your Passion for Security:When you're writing your application, let your enthusiasm for security shine through! Mention specific projects or experiences where you’ve tackled security challenges head-on. We love seeing candidates who are genuinely excited about shipping secure software.
Tailor Your Experience:Make sure to align your skills and experiences with the job description. Highlight your proficiency in Go or Python, and any hands-on experience with Kubernetes. We want to see how your background fits into our mission of building secure CI/CD pipelines!
Use the Right Keywords:Incorporate keywords from the job description into your application. This not only shows that you’ve read it carefully but also helps us see how you match our needs. Don’t forget to include 'bonfires are my jam' if you’re using AI for your resume!
Keep It Clear and Concise:While we appreciate detail, clarity is key! Make your application easy to read by keeping sentences short and to the point. We want to quickly understand your qualifications and how you can contribute to our team.
How to prepare for a job interview at Chainguard, Inc.
✨Know Your Stuff
Make sure you brush up on your technical skills, especially in Go or Python. Be ready to discuss your hands-on experience with Kubernetes and cloud platforms like GCP or AWS. They’ll want to see that you can not only talk the talk but also walk the walk when it comes to securing CI/CD pipelines.
✨Showcase Your Problem-Solving Skills
Prepare to share specific examples of how you've tackled security challenges in the past. Think about times when you identified risks and implemented solutions. This role is all about owning hard problems, so demonstrating your proactive approach will really impress them.
✨Understand Their Values
Chainguard values customer obsession and intentional action. Be ready to discuss how you’ve prioritised customer needs in your previous roles and how you approach problem-solving. Showing that you align with their company culture can set you apart from other candidates.
✨Be Ready for Technical Questions
Expect deep technical questions related to security frameworks like OWASP and NIST. They might also ask about your experience with software supply chain security tooling. Prepare to explain your thought process and decision-making in these areas, as it will demonstrate your expertise and confidence.
