Manager, Product Security

Job description

Chainguard is the secure foundation for software development and deployment. By providing guarded open source software, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains.

Founded by the industry’s leading experts on open source software, security and cloud native development, Chainguard has built the largest library of open source software that is secure by default.

Chainguard’s mission is to be the safe source for open source.

The role, in a nutshell:

As a manager for the Product Security team, you will lead and grow Chainguard’s Product Security practice, ensuring that all Chainguard products are designed, built and operated with security at their core. You will manage a team of product security engineers, drive high-impact initiatives and work cross-functionally to integrate security measures into every phase of Chainguard’s software development life cycle through partnership with Engineering and Product.

What you’ll do:

• Lead, manage, coach, and develop a team of Security professionals responsible for Product Security in all Chainguard products.
• Lead Product Security initiatives, ensuring alignment with organizational goals and objectives.
• Develop a broad and deep technical understanding of the services and architectures pertaining to Chainguard products. Contribute to the short and long-term security strategy to ensure that products are designed and built securely by design while improving the secure software development life-cycle (SSDLC).
• Lead new, reoccurring, or ah-hoc security initiatives with end-to-end ownership. Participate in security escalations.
• Collaborate with product and engineering teams to ensure security is integrated into all aspects of the Chainguard products.
• Design and deliver internal collateral, author internal processes,, and contribute to thought‑leadership content to deepen security fluency across Chainguard and among our customers.
• Serve as an escalation point for critical security incidents and ensure timely remediation.

What we’re looking for:

• Secure Coding and DevSecOps Initiatives: Experience in implementing and leading DevSecOps initiatives, frameworks, and tools used for SCA, SAST, CNAPP, threat enrichment, etc.
• Agile Methodologies: Experience with Agile development/Scrum methodologies and incorporating security requirements into the SDLC (CI/CD) with product owners.
• Programming and Deployment: Experience in managing programs supporting secure code and software deployments in various languages (Python, Node.js, C#, .NET, JavaScript, Go, Ruby, GraphQL, SDK, and RESTful API design/development).
• Technical Expertise and Industry Standards Knowledge: Extensive experience in secure code reviews, business logic assessments, and application security testing. Deep understanding of network, data, and cloud security principles; and Expert knowledge of security principles, standards, and best practices, such as OWASP, NIST, FedRAMP, ISO, etc.
• You have 10+ years of software or security engineering experience, including supporting multiple teams and complex org-wide initiatives.
• You can lead projects, mentor team members, and provide technical leadership.

You stay current on emerging security threats and technologies, proactively identifying areas for improvement and drive initiatives to enhance the security posture of our products.

Base Salary Range

$184,000—$210,000 USD

About Us

We live and breathe our company values:

We are customer obsessed - We focus on delivering solutions to our customers that create value and make their lives better.

We have a bias for intentional action - We prioritize, plan, try things, and fail fast.

We don’t take ourselves too seriously (but we do serious work) - We are solving an important problem which takes focus, but we also like to enjoy the journey.

We trust each other and assume good intentions - We’re transparent with decisions to empower team members to make well informed decisions.

A few of the benefits we offer:

• Flexible & Remote-First Culture: Work remotely with team meetup opportunities, bi-annual destination summits, and a $400 monthly stipend for coworking spaces, phone and internet costs.
• Our Approach to Equity: Receive stock options upon hire and promotion. Plus, you can participate in secondary offerings and have 10 years to exercise your options (yes, you read that correctly: 10 years!).
• 100%  Covered Health Insurance: We cover 100% of your health, vision and dental insurance premiums for you and your dependents. Nothing comes out of your paycheck.
• ∞ Flexible Time Off: Take the time you need – to do our best work, we need to recharge and reset.
• 18 Weeks Paid Parental Leave: We offer 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the option to use it all at once or throughout your child’s first year.
• For a full list of our benefits and rewards, click here.

If your experience is close but doesn’t fulfill all requirements, please apply. We’re building the best team in technology and are focused on hiring “Chainguardians” with unique backgrounds, perspectives, and experiences.

Chainguard is an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.

By submitting your application, you acknowledge that Chainguard will process your personal data in accordance with Chainguard’s Privacy Policy.

©2025 Chainguard. All Rights Reserved.