Sr. Application Security Engineer

Sr. Application Security Engineer

Introduction

As a Sr. Application Security Engineer at vCluster Labs, you are the architect of trust in our diverse ecosystem. In this role, you will be responsible for the end-to-end security of our product, ensuring that vCluster remains the de facto standard for secure Kubernetes multi-tenancy.

Responsibilities

• Core Product Security: Perform deep-dive security reviews of our core Go-based applications and Kubernetes controllers, as well as the frontend user interface. With a targeted focus on avoiding privilege escalation within our multi-tenant architecture.
• Threat Modeling: Lead the threat modeling process for new features, proactively identifying risks associated with shared GPU resources and multi-cloud environments.
• Automated Security: "Shift left" by continuing to integrate security checks into our CI and developer workflows. Optimizing these checks for speed, ensuring security never becomes a bottleneck for engineering velocity. Separately, you will manage automated and manual scanning of our entire product stack.
• Vulnerability Management: Own the lifecycle of security vulnerabilities from discovery to remediation. You will triage both external and internal reports, drive the resolution of critical issues across the engineering organization, and communicate effectively across stakeholders.
• Feature Development: Everyone at the organization contributes to both the ideas and development of new features. Many of which are directly related to security topics such as container breakouts and isolation, pushing the envelope of what’s possible in constrained environments.
• Developer training: Make complex topics easier to understand for all engineers, including new attack vectors and secure coding concepts.

Requirements

• Experience: You have 5+ years in Application Security or Product Security, with a strong focus on containerized environments.
• Kubernetes Depth: You have a deep understanding of Kubernetes architecture, RBAC, and container runtime security. You understand the specific risks of multi-tenancy.
• Code Proficiency: You are comfortable reading and writing Go, which is the language of our core product. You can spot a vulnerability in a PR without relying solely on automated tools.