Software Engineer (CVE Remediation)

Company: Chainguard
Role: Cybersecurity Jobs
Type: Full Time
Location: Europe - Remote
Experience: 2-3 years
Key Skills: Kubernetes, Helm

Job Description

The Role, in a Nutshell

Chainguard is on a mission to make the software supply chain secure by default—beginning at the source. We are seeking a passionate engineer to join our sustaining team, focused primarily on vulnerability management and the rapid remediation of CVEs affecting Wolfi packages and Chainguard container images. Your efforts will be crucial in discovering, analyzing, and resolving security vulnerabilities, ensuring product integrity and customer confidence by upholding stringent SLAs on CVE fixes.

What You’ll Do

Investigate, triage, and remediate high-priority CVEs impacting our Linux packages and container images, maintaining rapid turnaround (e.g., fix within 7 days, with aggressive SLOs and resolution windows).
Create and maintain targeted patches for CVEs, minimizing exposure and risk across Chainguard’s software offerings.
Analyze vulnerability reports from automated tools, threat intelligence, or customer feedback, determining and coordinating appropriate remediation strategies.
Collaborate with engineering teams, package maintainers, and security stakeholders to validate, test, and deploy security fixes.
Manage a focused backlog devoted to CVE remediations and vulnerability management tasks, efficiently delivering secure updates and reporting on status.
Drive continual improvement of vulnerability management workflows through automation and process enhancements, reducing time from discovery to remediation.
Contribute to documentation and internal knowledge sharing on vulnerability discovery, triage, and remediation.
(As needed) Support packaging and build troubleshooting only in the context of CVE remediation or security updates.

What We’re Looking For

2–3 years of experience with Linux systems in a security engineering, vulnerability management, or sustaining engineering context.
Deep familiarity with vulnerability management or triage, including hands-on experience patching and remediating CVEs in software packages or container images.
Understanding of the full cycle of CVE remediation: from interpreting advisories and scanner outputs, through patching, to testing and deployment.
Experience with security practices in Kubernetes, Helm, and cloud-native environments, particularly around vulnerability exposure and mitigation.
Proficiency in at least one programming language and the ability to quickly understand and assess unfamiliar codebases for vulnerabilities.
Strong debugging, troubleshooting, and analytical skills; able to operate independently in a fast-paced, security-focused environment.
Demonstrated passion for security, software quality, and rapid incident response.

Nice to Have

Active involvement in open source security communities or as a CVE contributor.
Experience working with or maintaining vulnerability management, scanning, or reporting tools.
Familiarity with infrastructure as code (e.g., Terraform) as applied to secure deployment practices.
Experience with packaging tools (apk, rpm, deb), specifically in the context of remediating vulnerabilities or producing secure, patched releases.

Why You’ll Love Working Here

Security with purpose: Play a direct role in making the global software supply chain safer.
Remote by default: Flexible, globally distributed team environment.
Collaborative culture: Progress, impact, and teamwork valued over status or titles.
Fast-moving: High-trust, high-autonomy setting with a focus on intentional action and rapid iteration.
Meaningful mission: Your work enables Chainguard customers to ship software with confidence by ensuring strong, timely vulnerability remediation.

Explore Our Work

Dive into our approach to vulnerability management and CVE response to understand how we deliver on our commitment to secure software supply chains.

Salary & Benefits

Base salary: €84,000 – €104,000
Equity/stock options
Unlimited PTO
Flexible coworking and team meetups
Home office and internet stipend
Comprehensive health, dental, and vision insurance coverage for you and your family

Chainguard is committed to building the best, most diverse team. We encourage candidates from all backgrounds to apply—even if your experience does not align perfectly with every qualification listed.

Base Salary Range: €84.000—€104.000 EUR

About Us

Chainguard is the secure foundation for software development and deployment. By providing guarded open source software, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains.

Founded by the industry's leading experts on open source software, security and cloud native development, Chainguard has built the largest library of open source software that is secure by default. 

Chainguard’s mission is to be the safe source for open source.

 

We live and breathe our company values:

We are customer obsessed - We focus on delivering solutions to our customers that create value and make their lives better.

We have a bias for intentional action - We prioritize, plan, try things, and fail fast.

We don’t take ourselves too seriously (but we do serious work) - We are solving an important problem which takes focus, but we also like to enjoy the journey.

We trust each other and assume good intentions - We’re transparent with decisions to empower team members to make well informed decisions.

 

A few of the benefits we offer:


- Flexible & Remote-First Culture: Work remotely with team meetup opportunities, bi-annual destination summits, and a $400 monthly stipend for coworking spaces, phone and internet costs.
- Our Approach to Equity: Receive stock options upon hire and promotion. Plus, you can participate in secondary offerings and have 10 years to exercise your options (yes, you read that correctly: 10 years!).
- 100% Covered Health Insurance: We cover 100% of your health, vision and dental insurance premiums for you and your dependents. Nothing comes out of your paycheck.
- ∞ Flexible Time Off: Take the time you need – to do our best work, we need to recharge and reset.
- 18 Weeks Paid Parental Leave: We offer 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the option to use it all at once or throughout your child's first year.
- For a full list of our benefits and rewards, click here.

If your experience is close but doesn’t fulfill all requirements, please apply. We’re building the best team in technology and are focused on hiring “Chainguardians” with unique backgrounds, perspectives, and experiences.

Chainguard is an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.

By submitting your application, you acknowledge that Chainguard will process your personal data in accordance with Chainguard’s Privacy Policy.

©2025 Chainguard. All Rights Reserved.
