The role, in a nutshell
Chainguard prioritizes our customersβ security above all else, which means preparing not just for the attacks of today, but for those of tomorrow as well. In this Principal-level role, youβll:- Own the product security research agenda for Chainguard scanning the broader ecosystem, identifying emerging attack patterns, and translating them into clear risks and opportunities for Chainguard and our customers.
- Shape security direction across products and platforms, partnering closely with Product, Engineering, and Security leadership to embed your findings into roadmaps, architecture decisions, and long-term plans.
- Operate as someone who sees the whole ecosystem, spots issues early, and helps others navigate with confidence (and just enough healthy paranoia).
What youβll do:
- Research emerging threats & trends in software supply chain and product security, and analyze their impact on Chainguardβs products and customers.
- Design creative mitigations across people, process, and technology not just proof-of-concept demos, but pragmatic defenses that actually get adopted.
- Lead large-scale, multi-quarter initiatives that materially reduce risk or improve our security maturity across multiple product lines and platforms.
- Partner with executive and senior engineering leadership to drive org-level security strategy, influence key roadmap decisions, and secure buy-in for big, complex changes.
- Identify systematic weaknesses (in systems, structures, and sometimes habits) and develop plans that fix root causes in ways that persist long after youβve moved on to the next hard problem.
- Mentor and uplevel others across Product Security and Engineering by helping teams think more strategically about threats, risk, and long-term security posture.
- Represent Chainguard externally through talks, conferences, and thought leadership, sharing what weβre learning and helping move the industry forward.
You might be a great fit if you:
- Bring deep experience in product or application security, with a track record of leading research or threat-focused work that drove clear, company-level outcomes.
- Have expert knowledge across multiple domains such as secure architecture, application/product security, software supply chain, and org-level risk management and you know how to balance security, velocity, and reliability.
- Are comfortable owning ambiguous, cross-functional problems and turning them into structured, prioritized initiatives that ship and stick.
- Have a proven ability to present complex ideas to executive stakeholders, gaining alignment and driving decision-making at the highest levels.
- Stay at the cutting edge of industry trends, tooling, and research methods not just reading the latest papers, but putting them into practice in a pragmatic way.
- Work independently and with high ownership, while still being a generous collaborator who brings others along for the ride.
- Are comfortable in fast-evolving, uncertain contexts and can build structure.
A few of the benefits we offer:
- Flexible & Remote-First Culture: Work remotely with team meetup opportunities, bi-annual destination summits, and a monthly stipend for coworking spaces, phone and internet costs.
- Our Approach to Equity: Receive stock options upon hire and promotion. Plus, you can participate in secondary offerings and have 10 years to exercise your options.
- 100% Covered Health Insurance: We cover 100% of your health, vision and dental insurance premiums for you and your dependents.
- β Flexible Time Off: Take the time you need β to do our best work, we need to recharge and reset.
- 18 Weeks Paid Parental Leave: We offer 18 weeks for birthing parents and 12 weeks for non-birthing parents.