Company hidden
15 hours ago

Staff Product Security Engineer (Cybersecurity)

17 000 - 231 000$
Work format
remote (USA only)
Employment type
fulltime
Grade
senior
English
b2
Country
UK/US/Canada
Job from Hirify Global, a list of international tech companies

Job description

TL;DR

Staff Product Security Engineer (Cybersecurity): Designing and hardening secure CI/CD pipelines and cloud-native product infrastructure with an emphasis on software supply chain security and Kubernetes hardening. Focus on implementing SLSA/Sigstore standards, minimizing attack surfaces in GCP/AWS, and automating risk exposure capture.

Location: Remote (United States)

Salary: $17,000 - $231,000 USD

Company

hirify.global provides hardened, secure, and production-ready builds of open-source software to help organizations eliminate risk and stay compliant.

What you will do

  • Design and maintain secure CI/CD pipelines with automated security gates to catch issues before production.
  • Implement software supply chain security controls, including signed artifacts, SBOMs, and provenance attestation (SLSA, Sigstore/Cosign).
  • Lead security architecture reviews and threat models for Kubernetes-based workloads running on GCP and AWS.
  • Harden container images and Kubernetes cluster configurations to minimize the product stack's attack surface.
  • Evaluate and operationalize CNAPP/CSPM tooling to maintain continuous visibility into cloud-native risk.

Requirements

  • 7+ years in software engineering, security engineering, or a combined role.
  • Strong proficiency in Go or Python for writing and debugging production-quality code.
  • Deep hands-on experience with production Kubernetes (RBAC, network policies, admission controllers).
  • Practical expertise with GCP and/or AWS IAM, workload identity, and security services.
  • Proven track record of designing and securing CI/CD pipelines (GitHub Actions, Cloud Build, Tekton).
  • Must be based in the United States.

Nice to have

  • Experience with policy-as-code tools such as OPA, Kyverno, or Conftest.
  • Contributions to open source security projects.
  • Background in security research or offensive security (bug bounty, CTF, penetration testing).

Culture & Benefits

  • Remote-first culture with team meetups, bi-annual destination summits, and stipends for coworking and internet.
  • Comprehensive equity package with stock options and a 10-year exercise window.
  • 100% company-covered health, vision, and dental insurance premiums for employees and dependents.
  • Infinite flexible time off to ensure work-life balance and recovery.
  • Generous paid parental leave (up to 18 weeks for birthing parents).
