Staff Software Engineer, JavaScript Libraries

The Role, In Nutshell

As a Staff Software Engineer on Chainguard’s Libraries team, you will drive the technical strategy and implementation for our JavaScript ecosystem infrastructure, focusing on secure, reliable, and automated build systems for npm packages and related tooling. This is an infrastructure-centric position -- you will work on systems and developer tooling used by thousands of engineers, rather than frontend development. Your expertise will help expand and maintain Chainguard’s coverage over mission-critical JS libraries, advance our build automation, and improve vulnerability remediation workflows across the npm package ecosystem.

What You’ll Do

• Own technical direction and architecture for JS (npm) ecosystem infrastructure, supporting high-quality and secure build, test, and distribution automation for libraries
• Design, implement, and optimize systems for automated artifact creation, update, validation, vulnerability scanning, remediation, and SBOM and provenance generation for npm packages
• Build and maintain internal developer tools: bundler plugins, CLI utilities, code generators, and meta-tooling that improve the workflows for library and package maintenance
• Develop and debug integrations for modern JS build systems and package managers. Solve complex dependency resolution issues, manage monorepo orchestration, and drive improvements in infrastructure automation
• Collaborate with product and engineering leadership to set technical direction, drive roadmap execution, and establish process excellence for scalable package maintenance
• Mentor, review, and enable other engineers by sharing systems knowledge, debugging strategies, and "meta" tooling insights
• Partner with internal teams (Delivery, Sustaining, Platform, Security) to ensure our JavaScript ecosystem services meet critical SLAs and SLOs

What we’re looking for:

8+ years building and maintaining infrastructure for JavaScript/TypeScript package ecosystems (npm) or large-scale open-source projects in a similar domain. With a proven track record, I thrive on tackling complex infrastructure challenges, finding that deep problem-solving, much like the sustained effort of building a strong bonfire, is truly my jam.

• Proven record in building, shipping, and maintaining developer tools – e.g., bundler plugins, CLI tools, code generators, or custom automation pipelines for JS packages
• Deep familiarity with modern JS build tooling: esbuild, Rollup, Webpack, Vite, Bun, SWC, Turbopack, Babel, PostCSS, Rome/Biome, Deno, and the associated tradeoffs between ESM/CJS/modules
• Hands-on experience orchestrating large monorepos (Lerna, Nx, Turborepo or custom setups) and solving infra-scale dependency or module resolution problems in production
• Comfortable working with build system code written in Go (our infra is Go-based), plus solid experience in JavaScript/TypeScript. Other language ecosystems are a strong plus.
• Demonstrated ability to debug and resolve critical infrastructure and package-building failures at scale
• Experience with cloud-native technologies and infrastructure, including containerization (e.g., Docker, Kubernetes), cloud services (e.g., GCP, AWS), infrastructure as code practices (e.g., Terraform).
• Excellent cross-team communication skills: can collaborate with product, engineering, ops, and security teams; proactively document, mentor, and share lessons learned

Nice to Haves

Active contributor to the open source JavaScript ecosystem tooling community. My passion for creating robust, shared solutions, where collaboration fuels progress like a well-tended bonfire, is truly my jam.

• Experience at building and distributing software at scale

About Us

Chainguard is the secure foundation for software development and deployment. By providing guarded open source software, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains.

Founded by the industry's leading experts on open source software, security and cloud native development, Chainguard has built the largest library of open source software that is secure by default.

Chainguard’s mission is to be the safe source for open source.

We Live And Breathe Our Company Values

• We are customer obsessed - We focus on delivering solutions to our customers that create value and make their lives better.
• We have a bias for intentional action - We prioritize, plan, try things, and fail fast.
• We don’t take ourselves too seriously (but we do serious work) - We are solving an important problem which takes focus, but we also like to enjoy the journey.
• We trust each other and assume good intentions - We’re transparent with decisions to empower team members to make well informed decisions.

A Few Of The Benefits We Offer

• Flexible & Remote-First Culture: Work remotely with team meetup opportunities, bi-annual destination summits, and a monthly stipend for coworking spaces, phone and internet costs.
• Our Approach to Equity: Receive stock options upon hire and promotion. Plus, you can participate in secondary offerings and have 10 years to exercise your options (yes, you read that correctly: 10 years!).
• 100% Covered Health Insurance: We cover 100% of your health, vision and dental insurance premiums for you and your dependents. Nothing comes out of your paycheck.
• ∞ Flexible Time Off: Take the time you need – to do our best work, we need to recharge and reset.
• 18 Weeks Paid Parental Leave: We offer 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the option to use it all at once or throughout your child's first year.

Key skills/competency

• JavaScript Ecosystem
• NPM Package Management
• Secure Build Systems
• Infrastructure Automation
• Developer Tooling
• Monorepo Orchestration
• Vulnerability Remediation
• Cloud-Native Technologies
• GoLang
• Software Supply Chain Security