vCluster Labs is hiring a Sr. Application Security Engineer

Role Overview

As a Senior Application Security Engineer, you will be central to ensuring the integrity and resilience of our core product—a Kubernetes-based virtual clustering platform. Your focus will span secure architecture, proactive threat assessment, and seamless integration of security practices across the development lifecycle, particularly in multi-tenant and AI-driven environments.

Key Responsibilities

• Conduct in-depth security assessments of Go-based backend systems, Kubernetes controllers, and frontend interfaces, with special attention to privilege boundaries in shared environments
• Lead threat modeling sessions for new features, identifying risks in GPU sharing, cross-cloud configurations, and container isolation
• Embed security into CI pipelines, balancing thoroughness with developer velocity through optimized, automated checks
• Oversee vulnerability management from detection to resolution, including triage of internal findings and external reports
• Collaborate with engineering teams to resolve high-severity issues and improve secure coding practices
• Translate complex security concepts into accessible guidance for developers, enhancing team-wide awareness of attack vectors and mitigations
• Contribute to the design of security-critical features, especially those involving container escape prevention and runtime hardening

Qualifications

You bring at least five years of experience in application or product security, with deep familiarity in containerized systems and modern cloud-native architectures.

• Proficiency in Go is required, with the ability to manually identify code-level vulnerabilities beyond what scanners detect
• Solid understanding of Kubernetes, including RBAC, pod security policies, and container runtime protections
• Experience with multi-tenancy risks, particularly privilege escalation and data isolation in shared clusters
• Adaptability in fast-moving technical environments, especially those involving AI infrastructure and GPU workloads
• A growth mindset—welcoming feedback as a path to improvement and committed to understanding customer security needs

Preferred Background

• CKS or OSCP certification
• Hands-on experience securing AI/ML workloads or GPU-accelerated cloud platforms
• Track record of building security automation or tooling in Python or Go
• Willingness to help maintain public security documentation and trust resources

Work Environment

This is a remote-first role with team members distributed globally. You’ll have full flexibility in managing your schedule and work location, supported by a culture that values outcomes over hours logged. Occasional collaboration may occur at the Salesforce Tower in San Francisco, but presence is not required.

Benefits

• Competitive salary and equity package
• Platinum-tier health, dental, vision, and life insurance coverage
• Dependent benefits available, with plan details varying by region
• Flexible scheduling to accommodate personal commitments
• Results-driven culture that prioritizes impact and innovation

Our Values

• Make it Happen: We act decisively and persist through challenges
• Own the Outcome: We take responsibility for delivering real value, not just completing tasks
• Create Wow: We measure success by the quality of experience we create
• Open Source, Open Mind: We contribute openly and foster merit-based collaboration
• Build Tomorrow’s Standards, Intentionally: We shape the future of technology with purpose and discipline