VisaJobSearch
Jobs / Doc***

Senior Security Engineer, Docker Desktop

Doc*** · Canada
Visa sponsorship details are locked. Unlock company name and apply link with .
Canada271,150-271,150 CAD/yearlyRemote
Remuneration
271,150-271,150 CAD/yearly
Location
Canada
Visa sponsorship
Sponsors visa

Job summary

Docker has been one of the most loved brands in developer tooling, trusted by more than 20 million monthly users and over 20 billion container image pulls. From solo founders to the world's largest companies, developers rely on Docker to build, share, and run their applications across our suite of products including Docker Desktop, Docker Hub, and Docker Scout.

Benefits

Freedom & flexibility; fit your work around your lifeDesignated quarterly Whaleness Days plus end of year Whaleness breakHome office setup; we want you comfortable while you work16 weeks of paid Parental leave (after 6 months of employment)Technology stipend equivalent to $100 USD net/monthPTO plan that encourages you to take time to do the things you enjoyTraining stipend for conferences, courses and classesEquity; we are a growing start-up and want all employees to have a share in theDocker SwagMedicalRetirement and holidays vary by countryRemote-first culture, with offices in Seattle and Paris

Qualifications

  • 6+ years of experience in security engineering, application security, or a closely related discipline, with a track record at senior or staff level.
  • Bachelor’s degree in Computer Science, Engineering, or a related field, or equivalent practical experience.
  • Strong proficiency in Go, with the ability to review and contribute to production-grade code.
  • Deep understanding of Linux fundamentals relevant to container security: namespaces, cgroups, capabilities, seccomp profiles, AppArmor/SELinux, rootless containers, and privilege boundaries.
  • Solid grasp of OCI specifications and container runtime security (e.g.
  • runc, containerd, BuildKit).
  • Hands-on experience with identity and access management concepts: OAuth 2.0, OIDC, token handling, and auth flows in desktop or cloud-adjacent contexts.
  • Experience performing security design reviews, threat modeling, and participating in secure development workflows.
  • Familiarity with vulnerability management processes: CVE triage, CVSS scoring, coordinated disclosure, and working with external reporters.
  • Strong written and verbal communication

Responsibilities

  • Partner with engineering and product teams throughout the development lifecycle to identify security risks early, from design review through code review and release.
  • Conduct threat modeling and security design reviews for new and evolving product features, with particular focus on authentication, authorization, and container runtime security.
  • Serve as the team's primary liaison to the organization's security group, attending security syncs, relaying guidance, and translating central policy into practical engineering decisions.
  • Act as the first point of contact for incoming vulnerability reports and CVEs: validate severity, reproduce issues, coordinate disclosure timelines, and drive remediation with the relevant engineers.
  • Review Go code with a security mindset, identifying classes of issues such as privilege escalation, insecure defaults, injection risks, and improper credential handling.
  • Contribute security-focused improvements directly to the codebase where appropriate.
  • Develop and maintain internal security documentation, guidelines, and runbooks for the team.
  • Stay current on the Linux security landscape as it pertains to containers: namespaces, cgroups, seccomp, AppArmor, capabilities, and the evolving OCI ecosystem.
  • This role may require participation in an on-call rotation to provide support outside of standard business hours, including evenings, weekends, and holidays, as needed.

Skills

Communication

Degrees

AssociateDegree

Work schedule

On-callRotationShiftWeekend

Industry

AutomotiveMedia

Company size

SmbStartup

Contract length

6 months