Principal Product Security Researcher

Jobgether · Remote (Canada) · June 3, 2026
Remote
Full-time
Security Engineering
Staff · 7+ yrs

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Principal Product Security Researcher in Canada.

This role sits at the forefront of cloud-native product security and software supply chain defense, combining deep technical research with hands-on engineering impact. You will work across complex distributed systems to identify emerging threats, model risks, and design scalable security controls that protect production-grade infrastructure and open-source software supply chains. The position requires strong systems thinking, as you will embed security directly into CI/CD pipelines, Kubernetes environments, and cloud platforms rather than applying it as a final checkpoint. You will influence engineering teams by translating advanced security research into practical, production-ready safeguards. This is a highly technical, individual-contributor role with staff-level scope, offering broad visibility across product and platform engineering. The environment values autonomy, depth of expertise, and the ability to turn security research into actionable system improvements at scale.

Accountabilities:

  • Lead advanced security research focused on cloud-native systems, software supply chains, and production infrastructure risks.
  • Design and implement secure CI/CD pipelines with embedded controls such as signing, provenance tracking, SBOM generation, and automated security gates.
  • Identify, analyze, and mitigate emerging threat vectors across distributed systems and translate findings into engineering solutions.
  • Conduct security architecture reviews and threat modeling for Kubernetes-based workloads across multi-cloud environments (AWS and GCP).
  • Harden containerized workloads, Kubernetes clusters, IAM configurations, and cloud infrastructure to minimize attack surfaces.
  • Define and promote baseline security standards across identity, network, workload, and secrets management domains.
  • Evaluate and operationalize CNAPP/CSPM and related tooling to ensure continuous visibility into cloud and product risk.
  • Partner with engineering teams to integrate security best practices into development workflows and platform systems.
  • Drive cross-functional security improvements through research insights, technical leadership, and hands-on implementation.

Requirements:

  • 7+ years of experience in software engineering, security engineering, or a hybrid role with significant hands-on security responsibility.
  • Strong programming skills in Go or Python with experience building, reviewing, and debugging production systems.
  • Deep expertise in Kubernetes security, including cluster hardening, RBAC, network policies, and admission controllers.
  • Extensive experience with AWS and/or GCP, including IAM, workload identity, secrets management, and security services.
  • Proven experience designing and securing CI/CD pipelines using modern tools (e.g., GitHub Actions, Cloud Build, Tekton).
  • Strong knowledge of container security practices, including image hardening, runtime security, and minimal base images.
  • Hands-on experience with software supply chain security frameworks such as SLSA, Sigstore, Cosign, and SBOM generation.
  • Solid understanding of security frameworks including OWASP and NIST, with ability to apply them pragmatically in production environments.
  • Experience with threat modeling, security research, or offensive security practices (e.g., bug bounty, CTFs, penetration testing).
  • Strong communication skills with the ability to influence engineering decisions and explain complex security concepts clearly.
  • Bonus: experience with policy-as-code tools, open-source security contributions, or hardened container ecosystems.

Benefits:

  • Competitive compensation aligned with senior security engineering and research market benchmarks in Canada.
  • Equity participation in a high-growth, venture-backed technology company.
  • Comprehensive health, dental, and vision coverage for employees and dependents.
  • Flexible, remote-first work environment with global collaboration opportunities.
  • Generous flexible time off to support rest and long-term performance.
  • Paid parental leave supporting family and caregiving needs.
  • Home office and remote work stipends to support setup and productivity.
  • Opportunity to work on cutting-edge problems in software supply chain and cloud-native security at global scale.

How Jobgether works:

We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.

We appreciate your interest and wish you the best!

Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.

Job Details

Tools & Tech

AWS
Cosign
GCP
GitHub
GitHub Actions
Go
Kubernetes
Python