Build software faster. The One DevOps Platform enables your entire org to collaborate around your code. We're hiring.
Principal Engineer, Software Supply Chain Security
Location
United States
Posted
58 days ago
Salary
$157.9K - $338.4K / year
Job Description
Job Requirements
- Deep expertise in software supply chain security, including threat modeling for supply chain attack vectors, SLSA implementation and attestation systems, and SBOM generation and lifecycle management.
- Strong knowledge of artifact signing and verification using the Sigstore ecosystem, including Cosign, Fulcio, Rekor, and in-toto attestations.
- Experience designing and hardening CI/CD security, such as runner isolation, pipeline security controls, and secrets management in large-scale environments.
- Background in distributed systems and infrastructure, including building resilient CI/CD platforms that process high pipeline volumes and optimizing performance for critical paths.
- Practical experience with container security and Kubernetes security, including admission controllers, policy controllers, workload isolation, and registry hardening.
- Proficiency in Go or Rust in a production environment, combined with expert-level understanding of CI/CD workflows and DevSecOps best practices.
- Experience operating as a Principal or Staff Engineer across multiple development teams, providing architectural leadership and partnering with Engineering Managers and senior leaders.
- Demonstrated capacity to clearly communicate complex problems and solutions.
Benefits
- Benefits to support your health, finances, and well-being
- Flexible Paid Time Off
- Team Member Resource Groups
- Equity Compensation & Employee Stock Purchase Plan
- Growth and Development Fund
- Parental leave
- Home office support
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Security Engineer – Detection & Response
Vannevar LabsSilicon Valley technology for the country's most critical national security problems
Security Engineer managing detection and response for a defense technology company
Senior Engineer, Product Security
CrowdStrikeCrowdStrike has redefined security with the world’s most advanced cloud-native platform that protects and enables the people, processes and technologies that drive modern enterprise. Tested and proven, the world's largest organizations trust CrowdStrike to stop breaches with unparalleled protection against the most sophisticated cyberattacks. The CrowdStrike culture has been built upon our Core Values since the day we began. We are Fanatical About the Customer, Relentlessly Focused on Innovation and believe that our Limitless Passion drives Unlimited Potential for every CrowdStriker. As a purpose-built remote-first company, we believe cultivating a connected culture for every employee, no matter where they are in the world, is a key ingredient in building a high-performing, diverse team. We don’t have a mission statement. We’re on a mission—to stop breaches. Ready to join a mission that matters?
Security engineer analyzing and improving cybersecurity for product development
The Safety Director is responsible for implementing the QE Solar Health and Safety program. The Safety Director will assist with planning and implementation of the QE Solar Health and Safety program to ensure a safe, healthy and accident-free work environment. Support QE Solar op...
Senior Cybersecurity OT SME
AmyxAmyx is proud to be an Equal Opportunity Employer. All qualified candidates will be considered without regard to race, color, religion, national origin, age, disability, sexual orientation, gender identity, status as a protected veteran, or any other characteristic protected by law. Amyx is a VEVRAA federal contractor and we request priority referral of veterans. Physical Demands Employee needs to be able to sit at a workstation for extended periods; use hand(s) to handle or feel objects, tools, or controls; reach with hands and arms; talk and hear. Most positions require ability to work on desktop or laptop computer for extended periods of time reading, reviewing/analyzing information, and providing recommendations, summaries and/or reports in written format. Must be able to effectively communicate with others verbally and in writing. Employee may be required to occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Regular and predictable attendance is essential.
We are seeking a Cyber Security SME with deep expertise in Operational Technology (OT) security for water and wastewater utilities. This role will lead cybersecurity strategy, architecture, and risk management for industrial control systems (ICS), SCADA networks, and process auto...
