{"version":"0.1","company":{"name":"YubHub","url":"https://yubhub.co","jobsUrl":"https://yubhub.co/jobs/skill/slsa"},"x-facet":{"type":"skill","slug":"slsa","display":"Slsa","count":5},"x-feed-size-limit":100,"x-feed-sort":"enriched_at desc","x-feed-notice":"This feed contains at most 100 jobs (the most recently enriched). For the full corpus, use the paginated /stats/by-facet endpoint or /search.","x-generator":"yubhub-xml-generator","x-rights":"Free to redistribute with attribution: \"Data by YubHub (https://yubhub.co)\"","x-schema":"Each entry in `jobs` follows https://schema.org/JobPosting. YubHub-native raw fields carry `x-` prefix.","jobs":[{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_5003c49e-cf6"},"title":"Engineering Manager, SSCS: Supply Chain","description":"

As an Engineering Manager, you'll guide GitLab's dedicated Software Supply Chain Security (SSCS) Add-On engineering team as it develops core capabilities including Dependency Firewall, Build Provenance, Malicious Packages detection, and Artifact Signing.

\n

This is a founding management role where you'll help shape how the team works, partner closely with the Staff Backend Engineer, Product Manager, and SSCS stage management, and turn a defined roadmap into steady, high-quality delivery for enterprise customers with strict security and compliance needs.

\n

You'll focus on developing the team, creating a healthy operating rhythm, and establishing predictable execution for the SSCS SKU.

\n

You'll join a product area where customers in regulated industries are already validating the need, and your work will help GitLab deliver software supply chain security features that customers can rely on.

\n

While technical credibility matters, your main focus will be growing a strong backend engineering team, enabling team members in their development, and creating the conditions for long-term delivery and quality.

\n

Responsibilities:

\n\n\n\n\n\n\n\n\n

Requirements:

\n\n\n\n\n\n\n\n\n

About the team: The SSCS Add-On team is a product engineering team within GitLab's Software Supply Chain Security stage. We work on key capabilities in the SSCS Add-On SKU and collaborate closely with product and engineering partners to deliver security features for customers operating in regulated environments.

\n

You'll report to the SSCS Senior Engineering Manager and partner directly with the Staff Backend Engineer and Product Manager.

\n

As a distributed team working asynchronously across regions, we are focused on strong delivery practices, team health, and scaling the product area with clarity and accountability.

\n

For more on how related teams work, see Team Handbook Page.

\n

How GitLab Supports Full-Time Employees:

\n\n\n\n\n\n\n\n

XML job scraping automation by YubHub

","url":"https://yubhub.co/jobs/job_5003c49e-cf6","directApply":true,"hiringOrganization":{"@type":"Organization","name":"GitLab","sameAs":"https://about.gitlab.com/","logo":"https://logos.yubhub.co/about.gitlab.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/gitlab/jobs/8478405002","x-work-arrangement":"remote","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["GitLab","Software Supply Chain Security","Dependency Firewall","Build Provenance","Malicious Packages detection","Artifact Signing","Backend engineering","Security","DevOps","Platform engineering","Package registries","CI/CD pipeline security","Signing infrastructure","Supply chain security","Artifact management","Compliance-focused product areas","Frameworks and ecosystems","SLSA","Sigstore"],"x-skills-preferred":[],"datePosted":"2026-04-18T15:49:15.915Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Remote, India"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"GitLab, Software Supply Chain Security, Dependency Firewall, Build Provenance, Malicious Packages detection, Artifact Signing, Backend engineering, Security, DevOps, Platform engineering, Package registries, CI/CD pipeline security, Signing infrastructure, Supply chain security, Artifact management, Compliance-focused product areas, Frameworks and ecosystems, SLSA, Sigstore"},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_a3a1df2f-184"},"title":"Principal Engineer, Software Supply Chain Security","description":"

As the Principal Engineer, Software Supply Chain Security, you'll own the technical strategy that secures how software is built and delivered on GitLab's DevSecOps platform. You'll provide architectural leadership across multiple engineering teams.

\n

Your work will shape GitLab's enterprise security posture in the rapidly growing software supply chain security market. You'll focus on SLSA Level 3 compliance, secrets management, CI/CD security hardening, and the foundations of GitLab's global zero trust architecture.

\n

Some examples of our projects:

\n\n

You'll lead the end-to-end software supply chain security architecture for GitLab's CI/CD platform, including SLSA Level 3 implementation and CI infrastructure hardening. You'll drive cross-team technical strategy and decisions across our Software Supply Chain Security (SSCS) stage teams, aligning engineering work to SSCS strategic plans.

\n

You'll collaborate with infrastructure and CI/CD teams to design and land long-term initiatives for secure, scalable runner architecture, container isolation, and pipeline security at scale. You'll propose and validate technical implementations that support architectural changes to improve CI/CD scaling and performance on critical paths.

\n

You'll teach, mentor, and coach Staff Engineers and individual contributors, raising the bar on supply chain threat modeling, secrets management, artifact signing, and SBOM lifecycle practices.

\n

You'll partner with Engineering Managers and senior leadership to define roadmaps, break down complex initiatives, and enable Staff Engineers to lead sub-department-wide efforts.

\n

You'll engage with customers and external stakeholders as a technical consultant and spokesperson for GitLab's software supply chain security capabilities and roadmap.

\n

You'll collaborate with product, security, and compliance stakeholders to ensure features meet enterprise security, governance, and regulatory expectations in the software supply chain security market.

\n

Key responsibilities include:

\n\n

Key requirements include:

\n\n

Preferred qualifications include:

\n\n

Our Software Supply Chain Security stage engineering teams are responsible for authentication and access within GitLab. We also build features that help customers manage vulnerabilities, dependencies, security policies, and compliance frameworks across their organizations.

\n

The base salary range for this role's listed level is currently for residents of the United States only. This range is intended to reflect the role's base salary rate in locations throughout the US. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, alignment with market data, and geographic location. The base salary range does not include any bonuses, equity, or benefits.

\n

XML job scraping automation by YubHub

","url":"https://yubhub.co/jobs/job_a3a1df2f-184","directApply":true,"hiringOrganization":{"@type":"Organization","name":"GitLab","sameAs":"https://about.gitlab.com/","logo":"https://logos.yubhub.co/about.gitlab.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/gitlab/jobs/8373553002","x-work-arrangement":"remote","x-experience-level":"staff","x-job-type":"full-time","x-salary-range":"$157,900-$338,400 USD","x-skills-required":["software supply chain security","threat modeling","SLSA implementation","attestation systems","SBOM generation","lifecycle management","artifact signing","verification","Sigstore ecosystem","Cosign","Fulcio","Rekor","in-toto attestations","CI/CD security","runner isolation","pipeline security controls","secrets management","distributed systems","infrastructure","container security","Kubernetes security","admission controllers","policy controllers","workload isolation","registry hardening","Go","Rust","CI/CD workflows","DevSecOps best practices"],"x-skills-preferred":["background in distributed systems and infrastructure","practical experience with container security and Kubernetes security","proficiency in Go or Rust in a production environment","expert-level understanding of CI/CD workflows and DevSecOps best practices","experience operating as a Principal or Staff Engineer across multiple development teams"],"datePosted":"2026-04-18T15:45:22.426Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Remote, Canada; Remote, Israel; Remote, Netherlands; Remote, United Kingdom; Remote, US"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"software supply chain security, threat modeling, SLSA implementation, attestation systems, SBOM generation, lifecycle management, artifact signing, verification, Sigstore ecosystem, Cosign, Fulcio, Rekor, in-toto attestations, CI/CD security, runner isolation, pipeline security controls, secrets management, distributed systems, infrastructure, container security, Kubernetes security, admission controllers, policy controllers, workload isolation, registry hardening, Go, Rust, CI/CD workflows, DevSecOps best practices, background in distributed systems and infrastructure, practical experience with container security and Kubernetes security, proficiency in Go or Rust in a production environment, expert-level understanding of CI/CD workflows and DevSecOps best practices, experience operating as a Principal or Staff Engineer across multiple development teams","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":157900,"maxValue":338400,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_cbaf9906-291"},"title":"Platform Hardware Security","description":"

We're seeking a Platform Hardware Security Engineer to design and implement security architectures for bare-metal infrastructure. You'll work with teams across Anthropic to build firmware, bootloaders, operating systems, and attestation systems to ensure the integrity of our infrastructure from the ground up.

\n

This role requires expertise in low-level systems security and the ability to architect solutions that balance security requirements with the performance demands of training AI models across our massive fleet.

\n

Responsibilities:

\n\n\n\n\n\n\n\n\n\n\n

Who you are:

\n\n\n\n\n\n\n\n\n\n\n

Strong candidates may also have:

\n\n\n\n\n\n\n\n\n

Annual Salary: $405,000-$485,000 USD

\n

Logistics:

\n\n\n\n\n\n

Why work with us?

\n\n\n\n\n\n

Guidance on Candidates' AI Usage: Learn about our policy for using AI in our application process

\n

XML job scraping automation by YubHub

","url":"https://yubhub.co/jobs/job_cbaf9906-291","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Anthropic","sameAs":"https://www.anthropic.com/","logo":"https://logos.yubhub.co/anthropic.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/anthropic/jobs/4929689008","x-work-arrangement":"hybrid","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":"$405,000-$485,000 USD","x-skills-required":["Secure boot","Measured boot","Attestation technologies","Cryptographic protocols","Hardware security modules","UEFI/BIOS or embedded firmware security","Bootloader hardening","Chain of trust implementation","Low-level programming","Systems programming","Firmware vulnerability assessment","Threat modeling","Supply chain security","NIST firmware security guidelines","Hardware security frameworks"],"x-skills-preferred":["Confidential computing technologies","Hardware-based TEEs","SLSA framework","Software supply chain security standards","Large-scale HPC or cloud infrastructure","Open-source security projects","Formal verification","Security proof techniques","Silicon root of trust implementations","Vendor collaboration","AI/ML infrastructure security"],"datePosted":"2026-04-18T15:43:00.394Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"New York City, NY | Seattle, WA; San Francisco, CA | New York City, NY | Seattle, WA; Washington, DC"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Secure boot, Measured boot, Attestation technologies, Cryptographic protocols, Hardware security modules, UEFI/BIOS or embedded firmware security, Bootloader hardening, Chain of trust implementation, Low-level programming, Systems programming, Firmware vulnerability assessment, Threat modeling, Supply chain security, NIST firmware security guidelines, Hardware security frameworks, Confidential computing technologies, Hardware-based TEEs, SLSA framework, Software supply chain security standards, Large-scale HPC or cloud infrastructure, Open-source security projects, Formal verification, Security proof techniques, Silicon root of trust implementations, Vendor collaboration, AI/ML infrastructure security","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":405000,"maxValue":485000,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_f2ee807d-528"},"title":"Security Engineer","description":"

We're seeking a Security Engineer at the senior-level or above focused on software and systems security to own the security of Saronic's software platforms, build systems, and deployment infrastructure from development through production.

\n

As a Security Engineer, you will be the technical authority on how Saronic builds, ships, and runs secure software. You will lead secure code review, SAST, DAST, and fuzzing efforts, and define secure coding standards for Rust development including memory safety practices, safe FFI boundaries, and secure error handling.

\n

You will conduct threat modeling for software systems and translate findings into actionable security requirements integrated into design reviews and sprint planning. You will drive vulnerability management for software dependencies, including tracking, prioritization, and remediation of vulnerabilities in third-party crates and libraries.

\n

You will secure and harden NixOS configurations for vessel platforms and development infrastructure, leveraging Nix's reproducibility and declarative model for security enforcement. You will design system hardening profiles in NixOS including kernel hardening, service isolation, mandatory access controls, and minimal attack surface configurations.

\n

You will define and enforce package management and dependency policies within the Nix ecosystem, ensuring build closures are auditable, reproducible, and free from unauthorized or vulnerable packages. You will architect secure system update and rollback mechanisms using NixOS capabilities, ensuring fleet-wide consistency and integrity.

\n

You will design and implement security controls across the CI/CD pipeline including source integrity, build isolation, artifact signing, and deployment verification with build environments that are ephemeral, isolated, and hardened.

\n

You will build and maintain software supply chain security practices aligned to SLSA framework principles, including provenance tracking, hermetic builds, signed attestations, and SBOM generation.

\n

You will integrate security scanning (SAST, SCA, container scanning, secrets detection) into CI/CD pipelines as automated guardrails, and create self-service pipeline templates that enable teams to ship without bottlenecks.

\n

You will design secure deployment patterns for vessel software updates, including secure delivery, integrity verification, and rollback capabilities.

\n

You will implement runtime application security controls including logging, monitoring, and anomaly detection for deployed services.

\n

You will define software and systems security standards, patterns, and reference architectures that engineering teams adopt as the default secure path.

\n

XML job scraping automation by YubHub

","url":"https://yubhub.co/jobs/job_f2ee807d-528","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Saronic Technologies","sameAs":"https://www.saronictechnologies.com/","logo":"https://logos.yubhub.co/saronictechnologies.com.png"},"x-apply-url":"https://jobs.lever.co/saronic/70738ef6-22be-464f-a451-09882093482d","x-work-arrangement":"onsite","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["Rust","NixOS","CI/CD pipeline security","software supply chain security","SLSA framework principles","provenance tracking","hermetic builds","signed attestations","SBOM generation","security scanning","SAST","SCA","container scanning","secrets detection"],"x-skills-preferred":["NixOS experience","hands-on NixOS experience","experience securing software for embedded or resource-constrained Linux environments"],"datePosted":"2026-04-17T12:58:06.790Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"San Francisco"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Rust, NixOS, CI/CD pipeline security, software supply chain security, SLSA framework principles, provenance tracking, hermetic builds, signed attestations, SBOM generation, security scanning, SAST, SCA, container scanning, secrets detection, NixOS experience, hands-on NixOS experience, experience securing software for embedded or resource-constrained Linux environments"},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_fb4fa003-a73"},"title":"Platform Hardware Security Engineer","description":"

About the Role

\n

We're seeking a Platform Hardware Security Engineer to design and implement security architectures for bare-metal infrastructure. You'll work with teams across Anthropic to build firmware, bootloaders, operating systems, and attestation systems to ensure the integrity of our infrastructure from the ground up.

\n

This role requires expertise in low-level systems security and the ability to architect solutions that balance security requirements with the performance demands of training AI models across our massive fleet.

\n

What you'll do:

\n\n

Who you are:

\n\n

Strong candidates may also have:

\n\n

Logistics

\n\n

We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work.

\n

Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links—visit anthropic.com/careers directly for confirmed position openings.

\n

How we're different

\n

We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts.

\n

XML job scraping automation by YubHub

","url":"https://yubhub.co/jobs/job_fb4fa003-a73","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Anthropic","sameAs":"https://job-boards.greenhouse.io","logo":"https://logos.yubhub.co/anthropic.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/anthropic/jobs/4929689008","x-work-arrangement":"hybrid","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":"$405,000 - $485,000 USD","x-skills-required":["firmware security","hardware security","secure boot","measured boot","attestation technologies","cryptographic protocols","hardware security modules","UEFI/BIOS","embedded firmware security","bootloader hardening","chain of trust implementation","low-level programming","systems programming","firmware vulnerability assessment","threat modeling","supply chain security","NIST firmware security guidelines","hardware security frameworks"],"x-skills-preferred":["confidential computing technologies","hardware-based TEEs","SLSA framework","software supply chain security standards","large-scale HPC or cloud infrastructure","open-source security projects","formal verification","security proof techniques","silicon root of trust implementations","AI/ML infrastructure security"],"datePosted":"2026-03-08T13:47:08.377Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"New York City, NY; Seattle, WA; San Francisco, CA; Washington, DC"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"firmware security, hardware security, secure boot, measured boot, attestation technologies, cryptographic protocols, hardware security modules, UEFI/BIOS, embedded firmware security, bootloader hardening, chain of trust implementation, low-level programming, systems programming, firmware vulnerability assessment, threat modeling, supply chain security, NIST firmware security guidelines, hardware security frameworks, confidential computing technologies, hardware-based TEEs, SLSA framework, software supply chain security standards, large-scale HPC or cloud infrastructure, open-source security projects, formal verification, security proof techniques, silicon root of trust implementations, AI/ML infrastructure security","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":405000,"maxValue":485000,"unitText":"YEAR"}}}]}