Principal Product Security Researcher

United States, Full-Time, Principal
Salary not disclosed

Job Details

Experience
7+ years
Required Skills
AWS, Python, GCP, Go, CI/CD

Requirements

  • 7+ years of experience in software engineering, security engineering, or a hybrid role with strong hands-on security responsibility.
  • Deep expertise in Kubernetes security, including cluster hardening, RBAC, network policies, and admission control mechanisms.
  • Strong programming skills in Go or Python, with the ability to build and review production-grade systems.
  • Extensive experience with cloud platforms such as AWS and/or GCP, including IAM, workload identity, and security tooling.
  • Proven track record designing and securing CI/CD pipelines using modern tools and practices.
  • Strong understanding of container security, including image hardening, runtime protection, and minimal base image strategies.
  • Hands-on experience with software supply chain security frameworks and tooling (e.g., SLSA, Sigstore, Cosign, SBOM generation).
  • Solid knowledge of security frameworks such as OWASP and NIST and their practical application in production environments.
  • Experience with threat modeling, security research, or offensive security methodologies is highly valuable.
  • Strong communication skills with the ability to influence engineering teams and articulate complex security concepts clearly.

Responsibilities

  • Lead deep technical research into product and platform security risks across cloud-native and distributed systems.
  • Design and implement secure software supply chain controls, including SBOMs, provenance, artifact signing, and end-to-end CI/CD security hardening.
  • Identify emerging threat vectors and translate findings into practical engineering safeguards across products and infrastructure.
  • Conduct security architecture reviews and threat modeling for Kubernetes-based workloads across multi-cloud environments.
  • Harden containerized systems, IAM configurations, and cloud infrastructure to reduce attack surface and improve resilience.
  • Evaluate, implement, and operationalize security tooling such as CNAPP and CSPM solutions for continuous risk visibility.
  • Partner with engineering teams to embed security best practices directly into development workflows and platform systems.
  • Develop and enforce baseline security standards across workloads, including policy, identity, network, and secrets management.
  • Influence cross-team security strategy through technical leadership, research insights, and hands-on implementation.