[Hiring] Staff Supply Chain Security Engineer @Docker
Staff Supply Chain Security Engineer @Docker
All Others
Salary usd 166,500 - 2..
Remote Location
Employment Type full-time
Posted 6d ago


6d ago - Docker is hiring a remote Staff Supply Chain Security Engineer. 💸 Salary: usd 166,500 - 269,500 per year 📍 Location: Worldwide

Role Description

Docker Hardened Images (DHI) is Docker's catalogue of security-hardened, enterprise-grade container images and Helm charts - built to be minimal, up-to-date, and safe to deploy in regulated and security-conscious environments. We're looking for a Staff-level engineer to help shape the technical direction of this catalogue and raise the bar across the team that builds it.

This is not a traditional software engineering role. You'll spend most of your time working with YAML definition files, upstream OSS projects, and the container and Kubernetes ecosystems - packaging and adapting software rather than building it from scratch. At the Staff level, you'll also own the harder, ambiguous problems:

  • Catalogue-wide architecture decisions
  • Conventions that scale across dozens of images and charts
  • Technical strategy that keeps DHI ahead of upstream change

This is a pure individual contributor role - no direct reports. Influence comes through technical leadership, design, and mentorship.

Responsibilities

  • Setting catalogue-wide technical direction - defining the conventions, patterns, and architectural decisions that govern how images and Helm charts are authored across DHI, and evolving them as the catalogue grows
  • Owning the hardest packaging problems - images and charts with complex upstream dynamics
  • Authoring and maintaining image definition files that track upstream OSS releases, define build steps, and keep the catalogue current
  • Adapting upstream Helm charts (cert-manager, grafana, mongodb, kyverno, istio, and many more) to work with DHI images
  • Driving security hardening strategy - leading CVE triage approaches, hardening decisions, and supply chain posture across the catalogue
  • Designing and writing Go-based integration test infrastructure that validates images and charts behave correctly in real Kubernetes environments
  • Raising the bar through review and mentorship - reviewing peers' definition and chart PRs
  • Partnering across teams with product, security, and customer-facing functions to translate customer needs and regulatory pressures into catalogue priorities and technical decisions
  • Engaging upstream - representing DHI in upstream OSS communities on issues that affect security-hardened deployments
  • Take part in the paid on-call rotation for the team; respond to incidents, debug production issues, and drive continuous improvement of system reliability

Qualifications

  • 8+ years of backend engineering experience with production-grade systems
  • Bachelor's degree in Computer Science, Engineering, or a related field, or equivalent practical experience
  • Deep expertise in the container and Kubernetes ecosystem
  • Mastery of YAML as a working medium
  • Strong container security background
  • Go ability sufficient to design test infrastructure
  • A maintainer mindset, applied at scale
  • Strong technical judgment in ambiguous situations
  • Track record of technical influence without authority
  • Deep familiarity with GitHub-heavy open source workflows

Bonus but not required

  • Experience as a package maintainer (any Linux distribution, Homebrew, etc.)
  • Helm chart authorship or contribution experience
  • Hands-on experience with supply chain tooling (Sigstore, SBOM, SLSA)
  • Experience in a regulated or security-conscious environment (FedRAMP, FIPS, PCI, regulated industries)
  • Prior Staff-level IC experience on a platform, security, or developer-tools team

Benefits

  • Freedom & flexibility; fit your work around your life
  • Designated quarterly Whaleness Days plus end of year Whaleness break
  • Home office setup; we want you comfortable while you work
  • 16 weeks of paid Parental leave (after 6 months of employment)
  • Technology stipend equivalent to $100 USD net/month
  • PTO plan that encourages you to take time to do the things you enjoy
  • Training stipend for conferences, courses and classes
  • Equity; we are a growing start-up and want all employees to have a share in the success of the company
  • Docker Swag
  • Medical benefits, retirement and holidays vary by country
  • Remote-first culture, with offices in Seattle and Paris

Company Description

Docker embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our company will be.
