Senior Security Engineer

Overview

Job Description

Responsibilities

• - Partner with engineering and product teams throughout the development lifecycle to identify security risks early, from design review through code review and release.
• - Conduct threat modeling and security design reviews for new and evolving product features, with particular focus on authentication, authorization, and container runtime security.
• - Serve as the team's primary liaison to the organization's security group, attending security syncs, relaying guidance, and translating central policy into practical engineering decisions.
• - Act as the first point of contact for incoming vulnerability reports and CVEs: validate severity, reproduce issues, coordinate disclosure timelines, and drive remediation with the relevant engineers.
• - Review Go code with a security mindset, identifying classes of issues such as privilege escalation, insecure defaults, injection risks, and improper credential handling.
• - Contribute security-focused improvements directly to the codebase where appropriate.
• - Develop and maintain internal security documentation, guidelines, and runbooks for the team.
• - Stay current on the Linux security landscape as it pertains to containers: namespaces, cgroups, seccomp, AppArmor, capabilities, and the evolving OCI ecosystem.

Required Skills

• - 6+ years of experience in security engineering, application security, or a closely related discipline, with a track record at senior or staff level.
• - Bachelor''s degree in Computer Science, Engineering, or a related field, or equivalent practical experience.
• - Strong proficiency in Go, with the ability to review and contribute to production-grade code.
• - Deep understanding of Linux fundamentals relevant to container security: namespaces, cgroups, capabilities, seccomp profiles, AppArmor/SELinux, rootless containers, and privilege boundaries.
• - Solid grasp of OCI specifications and container runtime security (e.g. runc, containerd, BuildKit).
• - Hands-on experience with identity and access management concepts: OAuth 2.0, OIDC, token handling, and auth flows in desktop or cloud-adjacent contexts.
• - Experience performing security design reviews, threat modeling, and participating in secure development workflows.
• - Familiarity with vulnerability management processes: CVE triage, CVSS scoring, coordinated disclosure, and working with external reporters.
• - Strong written and verbal communication skills; comfortable bridging the gap between a dedicated security team and a product engineering team.

Benefits

• - Freedom & flexibility; fit your work around your life
• - Designated quarterly Whaleness Days plus end of year Whaleness break
• - Home office setup; we want you comfortable while you work
• - 16 weeks of paid Parental leave
• - Technology stipend equivalent to $100 net/month
• - PTO plan that encourages you to take time to do the things you enjoy
• - Training stipend for conferences, courses and classes
• - Equity; we are a growing start-up and want all employees to have a share in the success of the company
• - Docker Swag
• - Medical benefits, retirement and holidays vary by country
• - Remote-first culture, with offices in Seattle and Paris