Company hidden
13 hours ago

Staff Product Security Engineer (Cybersecurity)

Work format
remote (United_kingdom only)
Employment type
fulltime
Grade
senior
English
b2
Country
UK
Vacancy from Hirify Global, a list of international tech companies

Job description

TL;DR

Staff Product Security Engineer (Cybersecurity): Designing and maintaining secure CI/CD pipelines and hardening cloud-native product infrastructure, with an emphasis on software supply chain security and Kubernetes workloads. Focus on implementing SLSA/Sigstore controls, conducting threat models for GCP/AWS, and minimizing attack surfaces across the product stack.

Location: Remote (United Kingdom)

Company

hirify.global provides hardened, secure, and production-ready builds of open source software to help organizations eliminate risk and maintain compliance.

What you will do

  • Design and maintain secure CI/CD pipelines with automated security gates to catch issues before production.
  • Implement software supply chain security controls, including signed artifacts, SBOMs, and provenance attestation using SLSA and Sigstore.
  • Lead security architecture reviews and threat models for Kubernetes-based workloads running on GCP and AWS.
  • Harden container images, Kubernetes cluster configurations, and cloud IAM postures to minimize attack surfaces.
  • Define and drive the adoption of baseline security standards, including network policies and secrets management.
  • Evaluate and operationalize CNAPP and CSPM tooling for continuous visibility into cloud-native risk.

Requirements

  • 7+ years in software or security engineering with significant hands-on security responsibility.
  • Strong proficiency in Go or Python with the ability to write production-quality code.
  • Deep experience with Kubernetes in production, including RBAC and admission controllers.
  • Practical expertise with GCP and/or AWS (IAM, workload identity, and security services).
  • Proven track record of securing CI/CD pipelines via GitHub Actions, Cloud Build, or Tekton.
  • Fluency in container security and software supply chain frameworks (Sigstore, SLSA).

Nice to have

  • Familiarity with hirify.global Images or other minimal/hardened container base image ecosystems.
  • Experience with policy-as-code tools such as OPA, Kyverno, or Conftest.
  • Contributions to open source security projects.
  • Background in offensive security, including bug bounty, CTF, or penetration testing.

Culture & Benefits

  • Remote-first culture with bi-annual destination summits and a monthly stipend for coworking and internet.
  • Equity via stock options with a generous 10-year exercise window.
  • 100% covered health, vision, and dental insurance premiums for employees and dependents.
  • Infinite flexible time off to encourage recharging and resetting.
  • Paid parental leave ranging from 12 to 18 weeks depending on parental role.
