Staff Product Security Engineer

🔒 Confidential Employer
Posted 7 May 2026
Location: Remote
Type: Full-time
Level: Mid-Senior level
Category: Cyber Security
This role is not offered with visa sponsorship, though the employer is a licensed UK sponsor.

SKILLS

  • Go
  • Python
  • Kubernetes
  • GCP
  • AWS
  • CI/CD pipelines
  • Container security
  • Software supply chain security
  • Sigstore
  • SLSA

FULL DESCRIPTION

Company: [Employer hidden — sign up to reveal]
Location: United Kingdom - Remote
Work Type: Remote
Experience Level: Mid-Senior level
Category: Cyber Security

About the Role

[Employer hidden — sign up to reveal] is the trusted source for open source. By delivering hardened, secure, and production-ready builds of all the open source software engineers and AI agents rely on, [Employer hidden — sign up to reveal] helps organizations build faster, stay compliant, and eliminate risk. Our customers include Fortune 500 enterprises and global industry leaders, including Anduril, Canva, Fortinet, Hewlett Packard Enterprise, OpenAI, Snap Inc., and Snowflake. [Employer hidden — sign up to reveal] is venture-backed by leading investors, including Amplify, IVP, Kleiner Perkins, Lightspeed Venture Partners, Mantis VC, Redpoint Ventures, Sequoia Capital, and Spark Capital.

Responsibilities

  • Design, build, and maintain secure CI/CD pipelines with security gates.
  • Systematically capture risk exposure of [Employer hidden — sign up to reveal]'s products.
  • Implement and enforce software supply chain security controls: signed artifacts, SBOMs, provenance attestation (SLSA, Sigstore/Cosign).
  • Proactively identify emerging customer security needs and build solutions.
  • Lead security architecture reviews and threat models for Kubernetes-based workloads on GCP and AWS.
  • Harden container images, Kubernetes cluster configurations, and cloud IAM postures.
  • Define and drive adoption of baseline security standards: pod security standards, network policies, workload identity, secrets management.
  • Evaluate and operationalise CNAPP/CSPM tooling for cloud-native risk visibility.

Requirements

  • 7+ years in software engineering or security engineering.
  • Strong proficiency in Go or Python.
  • Deep, hands-on experience with Kubernetes in production (cluster hardening, RBAC, network policies, admission controllers).
  • Practical expertise with GCP and/or AWS.
  • Proven track record designing and securing CI/CD pipelines.
  • Fluency with container security.
  • Experience with software supply chain security tooling (Sigstore, SLSA, SBOM).
  • Solid understanding of OWASP, NIST, and cloud security frameworks.

Nice to Have

  • Familiarity with [Employer hidden — sign up to reveal] Images or other hardened container base image ecosystems.
  • Experience with policy-as-code tools (OPA, Kyverno, Conftest).
  • Contributions to open source security projects.
  • Background in security research or offensive security.

About Us

We live and breathe our company values: customer obsessed, bias for intentional action, we don't take ourselves too seriously, and we trust each other. Benefits include flexible remote culture, stock options, 100% covered health insurance, unlimited flexible time off, and 18 weeks paid parental leave. [Employer hidden — sign up to reveal] is an equal opportunity employer.
