Chainguard

Software Engineer (CVE Remediation)

Job Summary

The role involves maintaining and improving secure Linux packages and container images, focusing on vulnerability remediation, debugging build issues, and ensuring high-quality, secure software. Ideal candidates will have experience with Linux systems, container image building, Kubernetes, and infrastructure-as-code tools like Terraform, along with programming skills in languages such as Go. The position requires a detail-oriented, security-conscious mindset and collaboration across teams to deliver robust software solutions. Chainguard offers a remote-first environment with comprehensive benefits and a mission-driven focus on securing software supply chains.

Required Skills

Terraform
Programming
Debugging
Containerization
Kubernetes
Security
Linux
Open Source
Package Management
Infrastructure-as-Code
Build Systems
Helm
Vulnerability Remediation

Benefits

Health Insurance
Remote Work
Stock Options
Paid Parental Leave
Dental Insurance
Vision Insurance
Flexible Time Off
Flexibility

Job Description

The Role, in a Nutshell

Chainguard is on a mission to make the software supply chain secure by default—beginning at the source. We are seeking a passionate engineer to join our sustaining team, focused primarily on vulnerability management and the rapid remediation of CVEs affecting Wolfi packages and Chainguard container images. Your efforts will be crucial in discovering, analyzing, and resolving security vulnerabilities, ensuring product integrity and customer confidence by upholding stringent SLAs on CVE fixes.

What You’ll Do

  • Investigate, triage, and remediate high-priority CVEs impacting our Linux packages and container images, maintaining rapid turnaround (e.g., fix within 7 days, with aggressive SLOs and resolution windows).
  • Create and maintain targeted patches for CVEs, minimizing exposure and risk across Chainguard’s software offerings.
  • Analyze vulnerability reports from automated tools, threat intelligence, or customer feedback, determining and coordinating appropriate remediation strategies.
  • Collaborate with engineering teams, package maintainers, and security stakeholders to validate, test, and deploy security fixes.
  • Manage a focused backlog devoted to CVE remediations and vulnerability management tasks, efficiently delivering secure updates and reporting on status.
  • Drive continual improvement of vulnerability management workflows through automation and process enhancements, reducing time from discovery to remediation.
  • Contribute to documentation and internal knowledge sharing on vulnerability discovery, triage, and remediation.
  • (As needed) Support packaging and build troubleshooting only in the context of CVE remediation or security updates.

What We’re Looking For

  • 2–3 years of experience with Linux systems in a security engineering, vulnerability management, or sustaining engineering context.
  • Deep familiarity with vulnerability management or triage, including hands-on experience patching and remediating CVEs in software packages or container images.
  • Understanding of the full cycle of CVE remediation: from interpreting advisories and scanner outputs, through patching, to testing and deployment.
  • Experience with security practices in Kubernetes, Helm, and cloud-native environments, particularly around vulnerability exposure and mitigation.
  • Proficiency in at least one programming language and the ability to quickly understand and assess unfamiliar codebases for vulnerabilities.
  • Strong debugging, troubleshooting, and analytical skills; able to operate independently in a fast-paced, security-focused environment.
  • Demonstrated passion for security, software quality, and rapid incident response.

Nice to Have

  • Active involvement in open source security communities or as a CVE contributor.
  • Experience working with or maintaining vulnerability management, scanning, or reporting tools.
  • Familiarity with infrastructure as code (e.g., Terraform) as applied to secure deployment practices.
  • Experience with packaging tools (apk, rpm, deb), specifically in the context of remediating vulnerabilities or producing secure, patched releases.

Why You’ll Love Working Here

  • Security with purpose: Play a direct role in making the global software supply chain safer.
  • Remote by default: Flexible, globally distributed team environment.
  • Collaborative culture: Progress, impact, and teamwork valued over status or titles.
  • Fast-moving: High-trust, high-autonomy setting with a focus on intentional action and rapid iteration.
  • Meaningful mission: Your work enables Chainguard customers to ship software with confidence by ensuring strong, timely vulnerability remediation.

Explore Our Work

Dive into our approach to vulnerability management and CVE response to understand how we deliver on our commitment to secure software supply chains.

Salary & Benefits

  • Base salary: €84,000 – €104,000
  • Equity/stock options
  • Unlimited PTO
  • Flexible coworking and team meetups
  • Home office and internet stipend
  • Comprehensive health, dental, and vision insurance coverage for you and your family

Chainguard is committed to building the best, most diverse team. We encourage candidates from all backgrounds to apply—even if your experience does not align perfectly with every qualification listed.


Base Salary Range
€84.000 – €104.000 EUR

About Us

Chainguard is the secure foundation for software development and deployment. By providing guarded open source software, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains.

Founded by the industry's leading experts on open source software, security and cloud native development, Chainguard has built the largest library of open source software that is secure by default.

Chainguard’s mission is to be the safe source for open source.

We live and breathe our company values:

We are customer obsessed - We focus on delivering solutions to our customers that create value and make their lives better.

We have a bias for intentional action - We prioritize, plan, try things, and fail fast.

We don’t take ourselves too seriously (but we do serious work) - We are solving an important problem which takes focus, but we also like to enjoy the journey.

We trust each other and assume good intentions - We’re transparent with decisions to empower team members to make well informed decisions.

A few of the benefits we offer:

  • Flexible & Remote-First Culture: Work remotely with team meetup opportunities, bi-annual destination summits, and a $400 monthly stipend for coworking spaces, phone and internet costs.
  • Our Approach to Equity: Receive stock options upon hire and promotion. Plus, you can participate in secondary offerings and have 10 years to exercise your options (yes, you read that correctly: 10 years!).
  • 100% Covered Health Insurance: We cover 100% of your health, vision and dental insurance premiums for you and your dependents. Nothing comes out of your paycheck.
  • ∞ Flexible Time Off: Take the time you need – to do our best work, we need to recharge and reset.
  • 18 Weeks Paid Parental Leave: We offer 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the option to use it all at once or throughout your child's first year.
  • For a full list of our benefits and rewards, click here.

If your experience is close but doesn’t fulfill all requirements, please apply. We’re building the best team in technology and are focused on hiring “Chainguardians” with unique backgrounds, perspectives, and experiences.

Chainguard is an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.

By submitting your application, you acknowledge that Chainguard will process your personal data in accordance with Chainguard’s Privacy Policy.

©2025 Chainguard. All Rights Reserved.

Applications are no longer being accepted for this job.

Chainguard

Discover Chainguard's hardened, vulnerability-free container images designed to keep your infrastructure secure and efficient.

Date Posted: June 25th, 2025
Job Type: Full Time
Location: Europe - Remote
Salary: €84 - €104
Application Deadline: Expired

Safe Remote Job Search Tips

Verify Employer Thoroughly

Research the company's identity thoroughly before applying. Check for a professional website with contacts, active social media, and LinkedIn profiles. Verify details across platforms and look for reviews on Glassdoor or Trustpilot to confirm legitimacy.

Never Pay to Get a Job

Legitimate employers never require payment for applications, training, background checks, or equipment. Always reject upfront payment requests or demands for bank details, even if they claim it's for purchasing necessary work gear on your behalf.

Safeguard Your Personal Information

Protect sensitive data like SSN, bank details, or ID copies. Share this only after accepting a formal, written job offer. Ensure it's submitted via a secure company system or portal, never through insecure channels like standard email attachments.

Scrutinize Communication & Interviews

Watch for communication red flags: poor grammar, generic emails (@gmail), vague details, or undue pressure. Be highly suspicious of interviews held only via text or chat apps; legitimate companies typically use video or phone calls.

Beware of Unrealistic Offers

If an offer's salary or benefits seem unrealistically high for the work involved, be cautious. Research standard pay for similar roles. Offers that appear 'too good to be true' are often scams designed to lure you into providing information or payment.

Insist on a Formal Contract

Always secure and review a formal, written job offer or employment contract before starting work or sharing final personal details. Ensure it clearly defines your role, compensation, key terms, and conditions to avoid misunderstandings or scams.
