Principal Product Security Researcher

Principal Product Security Researcher

This role sits at the intersection of deep security engineering and advanced product research, focusing on strengthening the security posture of large-scale cloud-native systems and software supply chains. You will work at a high technical altitude while remaining hands-on, identifying emerging threats, modeling risks, and designing practical defenses that directly shape how secure software is built and shipped. The position blends offensive and defensive security thinking, requiring a strong ability to anticipate vulnerabilities before they reach production. You will collaborate closely with engineering teams to embed security into CI/CD pipelines, container ecosystems, and cloud infrastructure. This is a highly influential, individual-contributor role where your work impacts both product architecture and long-term security strategy. The environment values technical depth, autonomy, and the ability to turn complex security challenges into scalable engineering solutions.

Accountabilities:

• Lead deep technical research into product and platform security risks across cloud-native and distributed systems.
• Design and implement secure software supply chain controls, including SBOMs, provenance, artifact signing, and end-to-end CI/CD security hardening.
• Identify emerging threat vectors and translate findings into practical engineering safeguards across products and infrastructure.
• Conduct security architecture reviews and threat modeling for Kubernetes-based workloads across multi-cloud environments.
• Harden containerized systems, IAM configurations, and cloud infrastructure to reduce attack surface and improve resilience.
• Evaluate, implement, and operationalize security tooling such as CNAPP and CSPM solutions for continuous risk visibility.
• Partner with engineering teams to embed security best practices directly into development workflows and platform systems.
• Develop and enforce baseline security standards across workloads, including policy, identity, network, and secrets management.
• Influence cross-team security strategy through technical leadership, research insights, and hands-on implementation.

Requirements:

• 7+ years of experience in software engineering, security engineering, or a hybrid role with strong hands-on security responsibility.
• Deep expertise in Kubernetes security, including cluster hardening, RBAC, network policies, and admission control mechanisms.
• Strong programming skills in Go or Python, with the ability to build and review production-grade systems.
• Extensive experience with cloud platforms such as AWS and/or GCP, including IAM, workload identity, and security tooling.
• Proven track record designing and securing CI/CD pipelines using modern tools and practices.
• Strong understanding of container security, including image hardening, runtime protection, and minimal base image strategies.
• Hands-on experience with software supply chain security frameworks and tooling (e.g., SLSA, Sigstore, Cosign, SBOM generation).
• Solid knowledge of security frameworks such as OWASP and NIST and their practical application in production environments.
• Experience with threat modeling, security research, or offensive security methodologies is highly valuable.
• Strong communication skills with the ability to influence engineering teams and articulate complex security concepts clearly.
• Bonus: experience with policy-as-code tools, open source security contributions, or DevSecOps platforms.

Benefits:

• Competitive salary aligned with senior security engineering market standards (location-dependent).
• Equity participation in a high-growth, venture-backed technology company.
• Comprehensive health coverage including medical, dental, and vision insurance.
• Flexible, remote-first work environment with global collaboration opportunities.
• Generous paid time off and parental leave policies supporting work-life balance.
• Home office and remote work stipends to support productivity.
• Strong emphasis on learning, research, and professional development in advanced security domains.
• Opportunity to work on cutting-edge software supply chain and cloud security challenges at scale.