Senior Security Engineer (Docker Desktop)

TL;DR

Senior Security Engineer (hirify.global Desktop): Own the security posture of a complex cross-platform product at the intersection of identity, OCI runtimes, and Linux kernel internals with an accent on threat modeling, code reviews, and vulnerability triage. Focus on reviewing Go code for security issues, conducting design reviews for authentication and container runtime security, and driving remediation of CVEs.

Location: Remote from Canada, England (UK), France, Germany, Italy, Portugal, Spain, or United States only

EU Salary Range: €133,600 – €217,800 • Offers Equity
US Salary Range: $205,350 – $330,550 • Offers Equity

Company

Remote-first company building developer tools including hirify.global Desktop, hirify.global Hub, and hirify.global Scout, trusted by 20 million users.

What you will do

• Partner with engineering and product teams to identify security risks early in the development lifecycle, from design to release.
• Conduct threat modeling and security design reviews, focusing on authentication, authorization, and container runtime security.
• Liaise with central security organization, relay guidance, and translate policies into engineering decisions.
• Triage vulnerability reports and CVEs: validate, reproduce, coordinate disclosure, and drive remediation.
• Review Go code for security issues like privilege escalation, injection risks, and credential handling.
• Contribute security improvements to the codebase and maintain internal security documentation.

Requirements

• 6+ years in security engineering or application security at senior/staff level
• Strong proficiency in Go for code review and contributions
• Deep knowledge of Linux container security: namespaces, cgroups, capabilities, seccomp, AppArmor/SELinux, rootless containers
• Understanding of OCI specs and runtimes (runc, containerd, BuildKit)
• Experience with IAM: OAuth 2.0, OIDC, token handling
• Security design reviews, threat modeling, secure development workflows
• Vulnerability management: CVE triage, CVSS, disclosure
• Strong communication skills bridging security and engineering teams

Culture & Benefits

• Remote-first culture with offices in Seattle and Paris
• Freedom and flexibility to fit work around life
• 16 weeks paid parental leave, PTO plan, Whaleness Days and year-end break
• Home office setup, $100/month tech stipend, training for conferences/courses
• Equity for all employees
• Medical benefits, retirement, and holidays vary by country

Hiring process

• Onboarding in first 30 days: familiarize with codebase, team, and security processes
• First 90 days: participate in reviews, own vulnerability triage
• Uses Covey for evaluation in NYC; sponsorship case-by-case