Company hidden
1 day ago

Staff Product Security Engineer (Cybersecurity)

Work format
remote (Canada only)
Employment type
fulltime
Grade
senior
English
b2
Country
Canada
Listing from Hirify Global, a list of international tech companies

Job description

TL;DR

Staff Product Security Engineer (Cybersecurity): Building and hardening secure CI/CD pipelines and cloud-native infrastructure to eliminate software supply chain risks, with an emphasis on SLSA, Sigstore, and Kubernetes security. Focus on automating risk exposure capture, optimizing cloud IAM postures, and implementing production-ready security gates.

Location: Remote (Canada)

Company

hirify.global delivers hardened, secure, and production-ready builds of open source software to help organizations build faster and eliminate risk.

What you will do

  • Design, build, and maintain secure CI/CD pipelines with automated security gates to catch issues before production.
  • Implement software supply chain security controls, including signed artifacts, SBOMs, and provenance attestation (SLSA, Sigstore/Cosign).
  • Lead security architecture reviews and threat models for Kubernetes-based workloads running on GCP and AWS.
  • Harden container images, Kubernetes cluster configurations, and cloud IAM postures to minimize attack surfaces.
  • Define and drive adoption of baseline security standards, including pod security standards and secrets management.
  • Operationalize CNAPP/CSPM tooling to maintain continuous visibility into cloud-native risks.

Requirements

  • 7+ years of experience in software or security engineering with meaningful hands-on security responsibility.
  • Strong proficiency in Go or Python with the ability to write and debug production-quality code.
  • Deep hands-on experience with Kubernetes in production (RBAC, network policies, admission controllers).
  • Practical expertise with GCP and/or AWS (IAM, workload identity, security services).
  • Proven track record of designing and securing CI/CD pipelines using GitHub Actions, Cloud Build, or Tekton.
  • Fluency with container security, image scanning, and software supply chain frameworks (Sigstore, SLSA).

Culture & Benefits

  • Remote-first culture with team meetups, bi-annual destination summits, and a monthly stipend for coworking/internet.
  • Equity through stock options upon hire and promotion, with a 10-year exercise window.
  • 100% covered health, vision, and dental insurance premiums for employees and their dependents.
  • Flexible time off to ensure employees can recharge and reset.
  • Paid parental leave (18 weeks for birthing parents and 12 weeks for non-birthing parents).

Be careful: if an employer asks you to sign in to their system using iCloud/Google, send a code or password, or run code or software, do not do it; these are scammers. Be sure to click "Report" or write to support.