Principal Product Security Researcher

Jobgether · US

Company: Jobgether

Location: US

Type: Full Time

Job Description

Team: IT

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Principal Product Security Researcher in the United States.

This role sits at the intersection of deep security engineering and advanced product research, focusing on strengthening the security posture of large-scale cloud-native systems and software supply chains. You will work at a high technical altitude while remaining hands-on, identifying emerging threats, modeling risks, and designing practical defenses that directly shape how secure software is built and shipped. The position blends offensive and defensive security thinking, requiring a strong ability to anticipate vulnerabilities before they reach production. You will collaborate closely with engineering teams to embed security into CI/CD pipelines, container ecosystems, and cloud infrastructure. This is a highly influential, individual-contributor role where your work impacts both product architecture and long-term security strategy. The environment values technical depth, autonomy, and the ability to turn complex security challenges into scalable engineering solutions.

Accountabilities:

  • Lead deep technical research into product and platform security risks across cloud-native and distributed systems.
  • Design and implement secure software supply chain controls, including SBOMs, provenance, artifact signing, and end-to-end CI/CD security hardening.
  • Identify emerging threat vectors and translate findings into practical engineering safeguards across products and infrastructure.
  • Conduct security architecture reviews and threat modeling for Kubernetes-based workloads across multi-cloud environments.
  • Harden containerized systems, IAM configurations, and cloud infrastructure to reduce attack surface and improve resilience.
  • Evaluate, implement, and operationalize security tooling such as CNAPP and CSPM solutions for continuous risk visibility.
  • Partner with engineering teams to embed security best practices directly into development workflows and platform systems.
  • Develop and enforce baseline security standards across workloads, including policy, identity, network, and secrets management.
  • Influence cross-team security strategy through technical leadership, research insights, and hands-on implementation.

Requirements:

  • 7+ years of experience in software engineering, security engineering, or a hybrid role with strong hands-on security responsibility.
  • Deep expertise in Kubernetes security, including cluster hardening, RBAC, network policies, and admission control mechanisms.
  • Strong programming skills in Go or Python, with the ability to build and review production-grade systems.
  • Extensive experience with cloud platforms such as AWS and/or GCP, including IAM, workload identity, and security tooling.
  • Proven track record designing and securing CI/CD pipelines using modern tools and practices.
  • Strong understanding of container security, including image hardening, runtime protection, and minimal base image strategies.
  • Hands-on experience with software supply chain security frameworks and tooling (e.g., SLSA, Sigstore, Cosign, SBOM generation).
  • Solid knowledge of security frameworks such as OWASP and NIST and their practical application in production environments.
  • Experience with threat modeling, security research, or offensive security methodologies is highly valuable.
  • Strong communication skills with the ability to influence engineering teams and articulate complex security concepts clearly.
  • Bonus: experience with policy-as-code tools, open source security contributions, or DevSecOps platforms.

Benefits:

  • Competitive salary aligned with senior security engineering market standards (location-dependent).
  • Equity participation in a high-growth, venture-backed technology company.
  • Comprehensive health coverage including medical, dental, and vision insurance.
  • Flexible, remote-first work environment with global collaboration opportunities.
  • Generous paid time off and parental leave policies supporting work-life balance.
  • Home office and remote work stipends to support productivity.
  • Strong emphasis on learning, research, and professional development in advanced security domains.
  • Opportunity to work on cutting-edge software supply chain and cloud security challenges at scale.

Date Posted: 06/03/2026
