Principal Product Security Researcher in United States at Jobgether
Job Description
This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Principal Product Security Researcher in the United States.
This role sits at the intersection of deep security engineering and advanced product research, focusing on strengthening the security posture of large-scale cloud-native systems and software supply chains. You will work at a high technical altitude while remaining hands-on, identifying emerging threats, modeling risks, and designing practical defenses that directly shape how secure software is built and shipped. The position blends offensive and defensive security thinking, requiring a strong ability to anticipate vulnerabilities before they reach production. You will collaborate closely with engineering teams to embed security into CI/CD pipelines, container ecosystems, and cloud infrastructure. This is a highly influential, individual-contributor role where your work impacts both product architecture and long-term security strategy. The environment values technical depth, autonomy, and the ability to turn complex security challenges into scalable engineering solutions.
Responsibilities
- Lead deep technical research into product and platform security risks across cloud-native and distributed systems.
- Design and implement secure software supply chain controls, including SBOMs, provenance, artifact signing, and end-to-end CI/CD security hardening.
- Identify emerging threat vectors and translate findings into practical engineering safeguards across products and infrastructure.
- Conduct security architecture reviews and threat modeling for Kubernetes-based workloads across multi-cloud environments.
- Harden containerized systems, IAM configurations, and cloud infrastructure to reduce attack surface and improve resilience.
- Evaluate, implement, and operationalize security tooling such as CNAPP and CSPM solutions for continuous risk visibility.
- Partner with engineering teams to embed security best practices directly into development workflows and platform systems.
- Develop and enforce baseline security standards across workloads, including policy, identity, network, and secrets management.
- Influence cross-team security strategy through technical leadership, research insights, and hands-on implementation.
Requirements
- 7+ years of experience in software engineering, security engineering, or a hybrid role with strong hands-on security responsibility.
- Deep expertise in Kubernetes security, including cluster hardening, RBAC, network policies, and admission control mechanisms.
- Strong programming skills in Go or Python, with the ability to build and review production-grade systems.
- Extensive experience with cloud platforms such as AWS and/or GCP, including IAM, workload identity, and security tooling.
- Proven track record designing and securing CI/CD pipelines using modern tools and practices.
- Strong understanding of container security, including image hardening, runtime protection, and minimal base image strategies.
- Hands-on experience with software supply chain security frameworks and tooling (e.g., SLSA, Sigstore, Cosign, SBOM generation).
- Solid knowledge of security frameworks such as OWASP and NIST and their practical application in production environments.
- Experience with threat modeling, security research, or offensive security methodologies is highly valuable.
- Strong communication skills with the ability to influence engineering teams and articulate complex security concepts clearly.
- Bonus: experience with policy-as-code tools, open source security contributions, or DevSecOps platforms.
Benefits
- Competitive salary aligned with senior security engineering market standards (location-dependent).
- Equity participation in a high-growth, venture-backed technology company.
- Comprehensive health coverage including medical, dental, and vision insurance.
- Flexible, remote-first work environment with global collaboration opportunities.
- Generous paid time off and parental leave policies supporting work-life balance.
- Home office and remote work stipends to support productivity.
- Strong emphasis on learning, research, and professional development in advanced security domains.
- Opportunity to work on cutting-edge software supply chain and cloud security challenges at scale.