6 days ago

Senior Security Engineer

Docker, Inc

Hybrid
Full Time
€160,000

Job Overview

Job Title: Senior Security Engineer
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: €160,000
Location: Hybrid

Job Description

About Docker, Inc

At Docker, Inc, we empower developers by simplifying app development, allowing them to focus on innovation. Our remote-first, global team is driven by a passion for creating exceptional developer experiences. With over 20 million monthly users and 20 billion image pulls, Docker is the leading tool for building, sharing, and running applications, trusted by both startups and Fortune 100 companies. We are rapidly expanding and are enthusiastic about our future. Join us for an exciting journey!

The Role: Senior Security Engineer

As a Senior Security Engineer at Docker, Inc, you will serve as a crucial advisor to our engineering and product teams. Your primary responsibility will be to embed security into every Docker product from its inception. You will collaborate closely with leadership to define product security strategy, influence critical architectural decisions, and drive the widespread adoption of robust security controls throughout the organization.

You will leverage your deep expertise in secure architecture, threat modeling, and vulnerability management to proactively identify and mitigate risks early within the development lifecycle. Working across diverse environments including cloud infrastructure (AWS, GCP, Azure), containerized systems, and cutting-edge AI/ML products, you will implement scalable, proactive security solutions that support Docker's continuous growth.

This role offers a unique opportunity to build and mature comprehensive security programs within a company whose products are relied upon by millions of developers globally. You will thrive in a fast-paced, technically demanding environment where your security contributions will directly impact both Docker's core platform and the broader container ecosystem.

Key Responsibilities

  • Collaborate with leadership to align security initiatives with overarching business goals, ensuring security is integral to product and infrastructure development.
  • Take ownership and drive the implementation of critical programs such as vulnerability management, cloud governance, and product security.
  • Act as a subject matter expert for software security and architecture.
  • Partner with engineering teams to design and deploy security architecture and controls across all Docker products and platforms.
  • Conduct security design reviews and perform threat modeling for emerging AI products.
  • Integrate security seamlessly into the Software Development Life Cycle (SDLC) through security requirements, design assessments, and automated security testing.
  • Manage Docker’s Vulnerability Disclosure Program (VDP), which includes validating submissions and coordinating with engineering to resolve confirmed issues.
  • Design and enforce secure configurations in cloud environments (e.g., AWS, GCP, Azure) adhering to industry best practices.
  • Establish automated monitoring and alerting systems to detect security anomalies across all operational environments.
  • Participate in a rotating on-call schedule to respond to security incidents, investigate threats, and facilitate remediation efforts.
  • Educate and collaborate with cross-functional teams, including engineering and product, to foster and promote strong security practices.

Qualifications

  • 5+ years of experience in security engineering roles, with a strong focus on application and infrastructure security, ideally within a cloud-native or SaaS environment.
  • 3+ years of hands-on development experience in Python or Golang.
  • Demonstrated deep expertise in authentication and authorization mechanisms, including technologies such as OAuth, SAML, OIDC, MFA, advanced cryptography applications, and Zero Trust principles.
  • Strong hands-on experience securing major cloud ecosystems (e.g., AWS, GCP, Azure).
  • Comprehensive understanding of AI/ML security risks and effective mitigations, covering areas like prompt injection, data poisoning, model extraction, and adversarial attacks.
  • Proven experience deploying runtime security solutions for threat detection and policy enforcement in Kubernetes and Docker environments.
  • Track record of building security programs and automations from inception, applying risk-based prioritization effectively.
  • Understanding of compliance regulations (e.g., SOC 2, ISO 27xxx, GDPR, CCPA, FIPS) and the ability to align security initiatives with these compliance requirements.
  • Excellent communication skills, enabling clear explanation of complex security concepts to both technical and non-technical stakeholders.
  • Keen understanding of industry standards and a commitment to staying updated with emerging security technologies and models.
  • A collaborative team player who drives security changes through cross-functional partnerships.

What To Expect: Your Journey at Docker, Inc

First 30 Days

  • Meet with the security team and key partners across engineering.
  • Gain access to team-owned systems and internal documentation.
  • Complete security awareness training and compliance onboarding.
  • Review application architecture, tech stack, and data flow.
  • Familiarize yourself with the risk registry and annual roadmap.
  • Understand team workflows and processes.
  • Shadow a fellow security engineer during their on-call/secops rotations.

First 90 Days

  • Conduct security reviews on emerging Docker products.
  • Actively participate in architecture design reviews with the team.
  • Serve as the Tech Lead for a security-owned project or initiative.
  • Collaborate with Docker developers to validate and resolve discovered vulnerabilities.
  • Enhance incident response capabilities by participating in on-call rotation and post-incident activities.
  • Effectively manage submissions to our Vulnerability Disclosure Program (VDP).
  • Create and maintain security documentation and runbooks.

First Year Outlook

  • Execute the security roadmap to continually improve security controls.
  • Strengthen Zero Trust architecture and least privilege access controls.
  • Enhance security monitoring and anomaly detection systems.
  • Perform security reviews for major product releases.
  • Conduct a penetration test or engage with external researchers.
  • Support audits and ensure compliance with SOC 2, ISO 27xxx.
  • Advocate for "security by design" in all product features.
  • Lead security awareness campaigns and company-wide security events.

Perks at Docker, Inc

  • Freedom & Flexibility: Fit your work around your life.
  • Whaleness Days: Designated quarterly days plus an end-of-year break for well-being.
  • Home Office Setup: We ensure you are comfortable working remotely.
  • Parental Leave: 16 weeks of paid parental leave.
  • Technology Stipend: Equivalent to $100 net/month for your tech needs.
  • PTO Plan: Encourages taking time for personal enjoyment.
  • Training Stipend: For conferences, courses, and classes.
  • Equity: A share in the success of a growing startup.
  • Docker Swag: Company branded merchandise.
  • Benefits: Medical benefits, retirement, and holidays vary by country.
  • Remote-First Culture: With physical offices in Seattle and Paris.

Key skills/competency

  • Security Engineering
  • Cloud Security (AWS, GCP, Azure)
  • Application Security
  • Infrastructure Security
  • Threat Modeling
  • Vulnerability Management
  • Container Security (Kubernetes, Docker)
  • Zero Trust Architecture
  • AI/ML Security
  • SDLC Security

How to Get Hired at Docker, Inc

  • Research Docker, Inc's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor to understand their remote-first, developer-centric environment.
  • Tailor your resume for Docker: Highlight extensive experience in security engineering, cloud security (AWS, GCP, Azure), container security (Kubernetes, Docker), and expertise in Python/Golang development.
  • Showcase application security expertise: Emphasize your background in secure SDLC, threat modeling, vulnerability management, and securing AI/ML products relevant to Docker's ecosystem.
  • Prepare for technical interviews: Be ready to discuss secure architecture design, authentication protocols (OAuth, SAML), Zero Trust principles, and your experience building security automations from scratch.
  • Demonstrate collaborative problem-solving: Docker values cross-functional partnerships; prepare examples where you've educated non-technical stakeholders and driven security change through collaboration.
