Work with leadership to align security initiatives with business goals, ensuring that security is a core component of product and infrastructure
Take ownership and drive implementation for key programs such as vulnerability management, cloud governance, and product security
Serve as a security subject matter expert for software security and architecture
Partner with engineering to design and implement security architecture and controls across Docker products and platforms
Perform security design reviews and threat modeling of emerging AI products
Integrate security into SDLC through security requirements, design assessments, and automated security testing
Manage Docker’s Vulnerability Disclosure Program (VDP) by validating submissions, and working with engineering to resolve confirmed issues
Design and enforce security configurations in cloud environments (e.g. AWS, GCP, Azure) according to industry best practices
Establish automated monitoring and alerting to detect security anomalies across our environments
Serve on rotating on-call schedule to respond to security incidents, investigate threats, and coordinate remediation efforts
Educate and collaborate with cross-functional teams (e.g., engineering, product) to promote security practices

Requirements

Have at least 5+ years of experience in security engineering roles, with a focus on application and infrastructure security, preferably in a cloud-native or SaaS environment
Possess 3+ years of hands-on development experience in Python or Golang
Demonstrate deep expertise in authentication, authorization, including technologies like OAuth, SAML, OIDC, MFA, cryptography applications and Zero Trust principals.
Have strong hands-on experience with securing cloud ecosystems (e.g: AWS, GCP, Azure)
Understand AI/ML security risks and mitigations, including prompt injection, data poisoning, model extraction, and adversarial attacks
Have deployed runtime security solutions for threat detection and policy enforcement in Kubernetes, Docker environments
Have a track record of building security programs and automations from scratch, applying risk-based prioritization
Have an understanding of compliance regulations (e.g, SOC 2, ISO 27xxx, GDPR, CCPA, FIPS) and ability to align security with compliance requirements
Have excellent communication skills, allowing you to explain complex security concepts clearly to technical and non-technical stakeholders
Understand industry standards, and actively keep up with emerging security technologies and models
Are a team player who drives security change via collaboration and cross-functional partnerships

Benefits

📊 Check your resume score for this job Improve your chances of getting an interview by checking your resume score before you apply. Check Resume Score

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

security engineeringapplication securityinfrastructure securityPythonGolangauthenticationauthorizationcryptographyruntime security solutionssecurity automation

Soft Skills

communicationcollaborationteam playerleadershipproblem-solvingrisk-based prioritizationeducational skillscross-functional partnershipstakeholder engagementchange management

Certifications

SOC 2ISO 27xxxGDPRCCPAFIPS