Invest in your career with a Madrona-funded company.


Staff Security Software Engineer



Software Engineering
North America · Remote
Posted on Sunday, July 9, 2023

We are an innovative startup founded by the creators of Kubernetes and Sigstore. Our mission is to revolutionize the software industry by providing a secure and trustworthy software supply chain. With our deep expertise in open-source technologies and commitment to enhancing software security, we are seeking a highly skilled and motivated Red Team Software Engineer Lead to join our growing team.

The Elevator Pitch:

As the Red Team Software Engineer Lead, you will be at the forefront of securing our cutting-edge software supply chain solutions. Reporting directly to the CTO, you will lead our red team operations, conduct penetration testing, and evaluate the overall security posture of our systems and infrastructure. Your expertise in software security analysis, combined with a proven track record in red teaming, will be instrumental in safeguarding our products and services.

In this Role, You will have the Opportunity to:

Lead Red Team Operations:

  • Design, plan, and execute red team exercises to assess the security resilience of our software supply chain solutions.
  • Conduct comprehensive assessments of open-source projects, identifying vulnerabilities and potential supply chain attacks.
  • Collaborate with cross-functional teams to simulate real-world attacks, test defenses, and improve security measures.
  • Author threat models and map out attack vectors.
  • Stay current on the latest threats to the software supply chain, and work with engineering leadership and product management to ensure that the Stacklok product line is evolving to address emerging threat vectors.

Penetration Testing and Vulnerability Assessment:

  • Perform rigorous penetration testing and vulnerability assessments on our software supply chain solution and the cloud configuration we use to deploy to our infrastructure.
  • Utilize advanced tools and methodologies to identify and exploit vulnerabilities in software components.
  • Automate CI driven security testing using SAST, and Fuzzing approaches
  • Review code for security impact / risks.

Bug Bounty Program Management:

  • Establish and manage a bug bounty program
  • Engage with external security researchers and the open-source community to receive and triage vulnerability reports.
  • Evaluate and validate vulnerability findings, providing detailed reports

Technical Leadership and Expertise:

  • Serve as a subject matter expert in offensive security, specializing in open-source and software supply chain security.
  • Stay up to date with the latest attack techniques, tools, and industry best practices related to software security and supply chain.
  • Provide technical guidance, mentorship, and support to team members, fostering a collaborative and innovative environment.

Desired Skills & Experience

  • Strong proficiency in software development and extensive experience with open-source projects.
  • Deep expertise in red teaming, penetration testing, and vulnerability assessments.
  • In-depth knowledge of software supply chain security, including understanding the risks associated with open-source components.
  • Familiarity with state-of-the-art tools and techniques used in red team operations and vulnerability assessments.
  • Proven track record of successfully identifying and exploiting vulnerabilities in complex systems.
  • Excellent written and verbal communication skills, with the ability to effectively convey technical concepts to diverse stakeholders.
  • Demonstrated leadership skills, with the ability to motivate and lead a team of security professionals.
  • Professional certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or Certified Information Systems Security Professional (CISSP) are highly desirable.
  • Experience with Go and Javascript, and expertise with security protocols such as OAuth2, asymmetric / symmetric encryption, PKI / X509, secure cookies. Hashing algorithms such as Argon2, bcrypt
  • Experience with Open source communities, for example OWASP, OpenSSF, Linux Foundation projects.

Why Join Us?

This is a great opportunity to join our dynamic startup and contribute to shaping the future of software supply chain security. We offer a competitive salary package, stock options, a flexible remote work environment, and the opportunity to work with industry-leading experts. If you are passionate about cybersecurity and open-source, and want to make a significant impact, we invite you to apply for this exciting role.