Senior Security Engineer

<div class="content-intro"><p>Tigera provides Calico, a unified network security and observability platform to prevent, detect and mitigate security breaches in Kubernetes clusters. Tigera’s open-source offering, Calico Open Source, is the most widely adopted container networking and security solution.&nbsp;</p> <p>Powering more than 100M containers across 8M+ nodes in 166 countries, Calico software is supported across all major cloud providers and Kubernetes distributions, and is used by leading companies including Discover, Chipotle, NBCUniversal, HanseMerkur, Box, Siemens Healthineers, Playtech, Royal Bank of Canada, and Bell Canada.</p> <p>As our team grows, we are looking for colleagues who not only share our passion for this work and growing our company, but who will also strengthen our company values and help ensure that Tigera remains a great place to work. At our core, our focus is on our customers, who are the heroes of our story; on aiming high and staying nimble in how we get there; on continuous learning to drive our success; and on respecting, collaborating, and supporting each other on a daily basis.&nbsp;</p> <p>If you are looking to help make a substantial impact, and our values and products align with your vision of your career growth, we want to hear from you!</p></div><h3><strong>About Your Role</strong></h3> <p>Tigera is hiring a Senior Security Engineer to own product and cloud security across our product suite. You will lead threat models and security design reviews of new features, partner with engineering to harden our products and SaaS infrastructure, drive vulnerability and CVE management end-to-end, and contribute to detection engineering and the Security Incident Response Team (SIRT).&nbsp;The role spans application security and cloud security, ensuring Tigera's portfolio meets enterprise and regulated-industry compliance requirements while building secure-by-default patterns and self-service guardrails that scale security through automation and developer enablement.</p> <p>We are looking for a pragmatic security minded engineer who is as comfortable shipping security software and tooling as they are leading a threat model, and who scales security by empowering engineering teams rather than becoming a bottleneck.</p> <p>For this position, we are looking to hire in Vancouver (Hybrid).</p> <p>Vancouver Salary Range: CAD $130,000 to CAD $150,000</p> <p><strong>You Will</strong></p> <ul> <li>Lead vulnerability management end-to-end across the Calico portfolio — internal security testing, triage, development of proofs-of-concept and fixes, issuing CVEs, and remediation in partnership with engineering — leveraging AI-assisted tooling to scale outcomes.</li> <li>Conduct threat modeling and security design reviews across Calico Open Source, Calico Enterprise, and Calico Cloud, and drive product hardening and cloud-infrastructure security work to meet enterprise and regulated-industry expectations.</li> <li>Ensure code security across the Calico product portfolio through secure code review, static analysis (SAST) and dependency scanning, and secure coding guidance for engineering teams.</li> <li>Build and develop internal security tooling, write proofs-of-concept, contribute to patches, and dig into product code to validate findings and drive security remediation alongside engineering.</li> <li>Contribute to detection engineering across our cloud footprint and our corporate environment, and participate in the Security Incident Response Team (SIRT) supporting investigations and post-incident reviews.</li> <li>Drive adoption of secure-by-default patterns, paved-road tooling, and AI-assisted security automation across Tigera that scale security through developer enablement.</li> </ul> <p><strong>You Have</strong></p> <ul> <li>5+ years of hands-on security engineering experience across product and/or cloud security</li> <li>Practical experience driving vulnerability management end-to-end — discovery, triage, exploitability assessment, proof-of-concept and fix development, and CVE coordination</li> <li>Experience with threat modeling and security design reviews across the software development lifecycle</li> <li>Experience conducting internal security testing or penetration testing of web applications, APIs, and cloud infrastructure using industry-standard tools (e.g. Burpsuite)</li> <li>A drive to scale security through automation, tooling, and developer enablement in a highly collaborative environment</li> <li>Familiarity of Kubernetes, containers, and cloud security across one or more major providers (GCP, Azure, AWS)</li> <li>Strong written and verbal communication skills, including authoring threat models, security advisories, and customer-facing security artifacts</li> <li>Coding ability in Python, Go or similar</li> </ul> <p><strong>Nice-to-Have</strong></p> <ul> <li>Experience with software supply-chain security, securing host, database, and application solutions in microservices or cloud architecture</li> <li>Experience with penetration testing (purple teaming) infrastructure and web applications</li> <li>Experience with detection engineering experience with security platforms</li> <li>Contributions to open-source security projects, bug bounty programs, public CVE disclosures, or security research publications</li> <li>Industry certifications such as OSCP, OSWE, CISSP, GIAC, or equivalent</li> </ul><div class="content-conclusion"><p>With offices in San Francisco, San Jose, Vancouver (Canada), Cork (Ireland), and London (England), we have a thriving team of diverse individuals from all over the world. We believe in a collaborative, flexible work environment based on respect for, and commitment from, every employee. We also offer a competitive compensation package along with full health, vision, and dental benefits. These benefits, coupled with an amazing team of individuals who believe in our mission and value openness, collaboration, and teamwork, make Tigera an awesome place to work.</p></div>