About the role

Sr. Application Security Engineer

Architect of trust for vCluster’s secure Kubernetes multi-tenancy.

Responsibilities

Core Product Security: Conduct deep-dive security reviews of Go-based applications, Kubernetes controllers, and the frontend UI, with a focus on preventing privilege escalation in a multi-tenant architecture.
Threat Modeling: Lead threat modeling for new features, including risks tied to shared GPU resources and multi-cloud environments.
Automated Security / “Shift Left”: Integrate and optimize security checks in CI and developer workflows so security doesn’t slow engineering. Manage automated and manual scanning across the product stack.
Vulnerability Management: Own the vulnerability lifecycle (discovery → remediation): triage external/internal reports, drive fixes for critical issues across engineering, and communicate with stakeholders.
Feature Development (security-focused): Help deliver new features, including security-related areas like container breakouts and isolation in constrained environments.
Developer Training: Teach engineers advanced security topics (attack vectors, secure coding concepts) and improve security understanding across the organization.

Requirements

5+ years in Application Security or Product Security, with strong experience in containerized environments.
Deep knowledge of Kubernetes architecture, including RBAC and container runtime security, with understanding of multi-tenancy risks.
Comfortable reading and writing Go; able to spot vulnerabilities in PRs beyond automated tools.
Strong fit for fast-paced, cutting-edge environments; interest in AI and multi-tenant infrastructure.
Open to feedback and able to understand customer needs and concerns.

Bonus / Nice-to-haves

CKS (Certified Kubernetes Security Specialist) or OSCP.
Experience securing AI workloads or GPU cloud infrastructure.
Experience writing custom security tooling/automation in Python or Go.
Willingness to contribute to public security documentation and a Trust Center.

About vCluster

vCluster Labs (vCluster) is a venture-backed tech startup behind open-source Kubernetes virtualization that enables secure Kubernetes multi-tenancy. The company is in hyper-growth with a remote-first, globally distributed team, and supports platform engineers with a commercial product built on vCluster.