Staff Software Engineer

The role: At Chainguard, we think the best platform work is invisible: the libraries just appear, the builds just work, and the CVEs quietly regret their life choices. Chainguard's Libraries organization is building the secure, reliable factory that continuously builds, verifies, and serves open‑source libraries to our customers and internal teams across multiple ecosystems. You'll join as a Staff Software Engineer on the Libraries Platform team, leading the architecture and implementation of the platform that powers this factory: the services, APIs, and automation that make our libraries reproducible, trustworthy, and always up to date.

This is an infrastructure‑centric, platform role. You'll work on shared services, build and packaging pipelines, and a package index that serves external customers and internal ecosystem teams. You'll help invent and operate the platform that:

• Serves packages to customers at scale
• Automates CVE remediation and verification workflows
• Powers AI‑driven package builds
• Provides shared services across language ecosystems (Java, JavaScript, Python/AI/ML and beyond)

What you'll do:

• Own the architecture and technical direction for the Libraries Platform: the services, pipelines, and package index that power secure, reproducible build, test, and distribution workflows for libraries across multiple ecosystems (Java, JavaScript, Python/AI/ML).
• Design and maintain automation for artifact creation, updates, and verification, including vulnerability scanning, remediation workflows, SBOM and provenance generation, and policy enforcement across our library catalog.
• Build and operate shared platform services such as package indexes, registry mirrors, metadata services, and orchestration tooling that serve both external customers and internal ecosystem teams.
• Develop internal developer tools and CLIs (often in Go) that improve how we build, test, and ship libraries at scale, including integration with build systems and CI/CD for multiple ecosystems.
• Drive reliability, scalability, and observability for the Libraries platform: define SLOs, build monitoring and alerting, and lead incident response and post‑incident improvements.
• Solve complex dependency and build issues in production environments, from toolchain and compiler problems to CI/CD flakiness and registry/package index edge cases.
• Partner closely with ecosystem teams (Java, JavaScript, Python/AI/ML), Platform, Delivery, Sustaining, and Security to ensure the platform meets reliability, security, and product requirements.
• Mentor and unblock other engineers through design reviews, documentation, and hands‑on debugging, helping to "code culture" into how we build and run our libraries platform.

What we're looking for:

• 8+ years designing, building, and operating infrastructure for language ecosystems or developer platforms, such as build systems, package registries, or CI/CD for widely used libraries or services.
• Strong proficiency in Go (Golang) or strong readiness to ramp quickly.
• Proven track record building and owning developer tooling and automation (plugins, CLIs, code generators, or custom pipelines) that improve how engineers build and ship software at scale.
• Strong background in CI/CD, cloud‑native infrastructure, and IaC: containers (Docker/OCI, Kubernetes), public cloud (GCP, AWS, Azure), and tools like Terraform and GitHub Actions/Argo/Tekton (or equivalents).
• Demonstrated ability to debug and resolve complex toolchain, compiler, packaging, and infrastructure failures in production, and to drive those issues to root cause and lasting fixes.
• Comfortable working across SRE / platform / DevOps style responsibilities, including reliability, observability, and performance tuning for critical services and pipelines.
• Excellent communication in a remote, distributed environment, with a bias toward documentation, clarity, and collaboration across product, infra, and security teams.
• A staff‑level ownership mindset: you set technical direction, own critical outcomes, and are comfortable in an early, high‑impact area where engineers help shape both the roadmap and the culture.

Nice to have:

• Open source contributions in ecosystem tooling, libraries, or packaging (Java, JavaScript, Python/ML, or related infra).
• Experience with software supply chain security: SLSA, SBOMs, sigstore, provenance, attestations, or secure‑by‑default packaging practices.
• Background with Linux distributions, packaging, and reproducible build systems (e.g., Alpine, Wolfi, Debian Bazel, CMake, Ninja).
• Familiarity with AI/ML packaging and infrastructure building native Python libraries and ML frameworks (e.g., PyTorch, TensorFlow) and deploying them in cloud/Kubernetes environments.
• Prior experience in SRE, platform engineering, or DevOps roles where you owned infrastructure for developer productivity, CI/CD, or large language‑ecosystem codebases.

About Us: Chainguard is the secure foundation for software development and deployment. By providing guarded open source software, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains. Founded by the industry's leading experts on open source software, security and cloud native development, Chainguard has built the largest library of open source software that is secure by default. Chainguard's mission is to be the safe source for open source.

We live and breathe our company values:

• We are customer obsessed - We focus on delivering solutions to our customers that create value and make their lives better.
• We have a bias for intentional action - We prioritize, plan, try things, and fail fast.
• We don't take ourselves too seriously (but we do serious work) - We are solving an important problem which takes focus, but we also like to enjoy the journey.
• We trust each other and assume good intentions - We're transparent with decisions to empower team members to make well informed decisions.

A few of the benefits we offer:

• Flexible & Remote-First Culture: Work remotely with team meetup opportunities, bi-annual destination summits, and a monthly stipend for coworking spaces, phone and internet costs.
• Our Approach to Equity: Receive stock options upon hire and promotion. Plus, you can participate in secondary offerings and have 10 years to exercise your options (yes, you read that correctly: 10 years).
• 100% Covered Health Insurance: We cover 100% of your health, vision and dental insurance premiums for you and your dependents. Nothing comes out of your paycheck.
• ∞ Flexible Time Off: Take the time you need – to do our best work, we need to recharge and reset.
• 18 Weeks Paid Parental Leave: We offer 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the option to use it all at once or throughout your child's first year.

If your experience is close but doesn't fulfill all requirements, please apply. We're building the best team in technology and are focused on hiring "Chainguardians" with unique backgrounds, perspectives, and experiences. Chainguard is an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.

By submitting your application, you acknowledge that Chainguard will process your personal data in accordance with Chainguard's Privacy Policy.