
Principal Security Researcher

Chainguard | Worldwide | Remote
This job is no longer open

Open Source has taken over the world of software development. However, the largest trade-off still persists: security. Companies spend an enormous amount of time and resources patching and fortifying open source software in order to ship with confidence and compliance.
Founded by the industry's leading experts on open source software, security, and cloud native development, Chainguard has built the largest library of open source software that is secure by default. Customers including Snowflake, Canva, and HPE rely on Chainguard to build securely with open source software across the organization. Chainguard is the safe source for open source.

About Us


We live and breathe our company values:

We are customer obsessed


- Our true advantage is the strength of our relationships with customers through collaboration, empathy, and responsiveness. We establish trust as we educate, advocate, and listen to their needs. Our focus is on delivering solutions to our customers that create value and make their lives better.

We have a bias for intentional action


- We’re a start-up and we need to move fast. However, we need to move fast through intentional action to make sure we’re able to deliver quickly and efficiently on what is most impactful to our collective success. We prioritize, plan, try things, and fail fast. We think about how what we do impacts other teams and communicate our progress, owning the whole solution from start to finish. If we move fast enough, we can make two or three mistakes, learn, and correct them before competitors even make their first decision.

We don’t take ourselves too seriously (but we do serious work)


- Though we are solving an important problem which takes focus and a degree of seriousness, we don’t take ourselves too seriously while we do. We laugh, have fun, embrace uniqueness, and enjoy the journey. Together.

We trust each other and assume good intentions


- We hire great team members and trust them to do their work. We’re transparent with data, news, and decisions, positive or negative, to empower team members to make well-informed decisions. Showing up for each other fully means we celebrate each other’s accomplishments as well as give compassionate, direct feedback when needed. We always default to assuming good intentions.

The role, in a nutshell:


You will serve within Chainguard Labs as the expert on discovering open source software (OSS) vulnerabilities and analyzing and demonstrating OSS exploits. You will design and lead activities that involve searching for vulnerabilities in the source code associated with packages in Wolfi, the package repository behind Chainguard Images. You will also ensure that all vulnerability discovery is handled responsibly and within a sound ethical framework. You will also analyze and demonstrate proof-of-concept exploits for vulnerabilities and assess mitigation strategies.

Finally, you will write and widely present on these efforts. You should be comfortable with an external role speaking and writing about your research, open source software security, and Chainguard. Supervising junior researchers, contractors, and interns would also be part of the role.

What you'll do:

  • Design and conduct in-depth research related to discovering open source software vulnerabilities and developing or implementing proof-of-concept exploits.
  • Responsibly disclose any research findings following industry best practices.
  • Communicate research findings through clear and concise written reports, published articles, and blog posts.
  • Engage in public speaking engagements, workshops, and industry conferences to represent your research initiatives.
  • Provide technical guidance and mentorship to junior researchers, contractors, and interns, fostering a collaborative environment.

What we're looking for:


  • Must have discovered one or more vulnerabilities (CVEs) associated with open source software.
  • Experience with responsible disclosure of vulnerabilities.
  • Excellent communication skills, both written and verbal, with the ability to present research findings to technical and non-technical audiences.
  • Comfortable with public speaking engagements and interacting with industry experts.
  • A track record of speaking publicly about computer security topics.
  • Some experience writing for external audiences about computer security topics.

Base Salary Range: $175,000 to $200,000 USD

A few of the benefits we offer (for our full time employees):


  • Equity/stock options
  • Unlimited PTO
  • Remote work with flexible coworking and team meetup opportunities
  • Home office and internet stipend
  • 100% health/dental/vision insurance coverage for you and your family

If your experience is close but doesn’t fulfill all requirements, please apply. Chainguard is on a mission to build the best team. To achieve our goal, we are focused on hiring “Guardians” with unique backgrounds, perspectives, and experiences. Chainguard is an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics.

We also consider qualified applicants with criminal histories, consistent with applicable federal, state, and local law.

For US-based roles: Chainguard participates in E-Verify and will provide the federal government with employee Form I-9 information to confirm authorization to work in the U.S. Chainguard, Inc. only uses E-Verify once a candidate has accepted a job offer and completed the Form I-9. If E-Verify cannot confirm that an employee is authorized to work, Chainguard, Inc. will give the employee written instructions and an opportunity to contact the Department of Homeland Security (DHS) or Social Security Administration (SSA) so the employee can begin to resolve the issue before any adverse employment action is taken.

For more information about your right to work, please see the Notice of Right to Work.

By submitting your application, you acknowledge that Chainguard will process your personal data in accordance with Chainguard’s Privacy Policy.


Life at Chainguard

Applying Zero-Trust principles to supply chain security to make the software lifecycle secure by default. We help organizations manage their open source and overall software supply chain security risk.
Thrive Here & What We Value

  • Customer obsessed
  • Intentional action
  • Trust and good intentions
  • Positive relationships
  • Embrace uniqueness and enjoy the journey
  • Transparency in data, news, and decisions
  • Mentorship and teamwork
  • Equal opportunity employer
  • Flexible remote work options
  • Delivering value-creating solutions