Company hidden
2 days ago

Senior Product Security Engineer (Cybersecurity)

Work format
remote (Canada/United States only)
Employment type
fulltime
Grade
senior
English
b2
Country
US/Canada

Job description

TL;DR

Senior Product Security Engineer (Cybersecurity): Designing and maintaining secure CI/CD pipelines and hardening cloud-native infrastructure for open-source software builds, with an emphasis on software supply chain security and Kubernetes hardening. Focus on implementing SLSA/Sigstore controls, performing threat modeling for GCP/AWS workloads, and minimizing the attack surface of container images.

Location: Remote (Canada)

Company

hirify.global is a venture-backed company providing hardened, secure, and production-ready builds of open-source software to help organizations eliminate risk and stay compliant.

What you will do

  • Design, build, and maintain secure CI/CD pipelines with integrated security gates to capture risk before production.
  • Implement software supply chain security controls, including signed artifacts, SBOMs, and provenance attestation using SLSA and Sigstore/Cosign.
  • Lead security architecture reviews and threat modeling for Kubernetes-based workloads running on GCP and AWS.
  • Harden container images, Kubernetes cluster configurations, and cloud IAM postures to minimize the attack surface.
  • Define and drive the adoption of baseline security standards for pod security, network policies, and secrets management.
  • Operationalize CNAPP/CSPM tooling to maintain continuous visibility into cloud-native risks.

Requirements

  • Must be based in Canada
  • 5+ years in software or security engineering with meaningful hands-on security responsibility.
  • Strong proficiency in Go or Python with the ability to write production-quality code.
  • Deep production experience with Kubernetes, including RBAC, network policies, and admission controllers.
  • Practical expertise with GCP and/or AWS (IAM, workload identity, and security services).
  • Proven experience securing CI/CD pipelines (GitHub Actions, Cloud Build, Tekton) and working with container security.

Nice to have

  • Experience with policy-as-code tools such as OPA, Kyverno, or Conftest.
  • Contributions to open-source security projects.
  • Background in security research or offensive security (bug bounty, CTF, penetration testing).
  • Familiarity with hirify.global Images or minimal/hardened container base image ecosystems.

Culture & Benefits

  • Remote-first culture with team meetup opportunities, bi-annual destination summits, and monthly stipends for coworking, phone, and internet.
  • Equity stock options upon hire and promotion with a unique 10-year exercise window.
  • 100% company-covered health, vision, and dental insurance premiums for employees and dependents.
  • Infinite flexible time off to ensure a healthy work-life balance.
  • Generous paid parental leave (18 weeks for birthing parents, 12 weeks for non-birthing parents).
