Secure the Software Supply Chain: Join the Docker Hardened Images Team
The Docker Hardened Images (DHI) team is on a mission to deliver the industry's most secure, enterprise-grade container images and Helm charts. Our meticulously built catalog is minimal, up-to-date, and explicitly designed for deployment in highly regulated and security-conscious environments. We are seeking a dedicated professional to join us in making this critical security infrastructure possible.
This isn't your traditional software engineering role. If you thrive on deep dives into YAML, mastering upstream OSS projects, and navigating the complexities of the container and Kubernetes ecosystems, then this role is for you. You'll spend your time packaging and adapting software, ensuring its integrity and security, rather than building from scratch. This opportunity will resonate strongly with those who have maintained packages for Linux distributions, contributed to upstream Helm charts, or served as a platform/infrastructure engineer with a keen focus on security.
What You'll Do: Core Responsibilities
Architect and Maintain Security-Hardened Images: Author and maintain sophisticated image definition files that meticulously track upstream OSS project releases, define secure build steps, and ensure our catalogue remains current across dozens of critical images.
Adapt and Secure Helm Charts: Innovate by adapting upstream Helm charts (including cert-manager, grafana, mongodb, kyverno, and many more) to seamlessly integrate with DHI images, addressing stringent security constraints, non-root contexts, and Kubernetes compatibility concerns.
Drive Version Control & Dependency Management: Expertly track upstream version releases and semver patterns across monorepos and standard repositories, skillfully managing major version breaks and intricate dependency chains to maintain a robust and up-to-date ecosystem.
Validate Security & Functionality: Develop comprehensive Go-based integration tests to rigorously validate that images and charts behave correctly and securely in real-world Kubernetes environments.
Lead CVE Triage & Hardening: Proactively triage Common Vulnerabilities and Exposures (CVEs) and contribute directly to critical security hardening decisions across our image catalogue.
Ensure Quality & Consistency: Conduct thorough reviews of peers' definition and chart PRs, enforcing established conventions and identifying subtle issues before they impact customers.
What You'll Bring: Essential Qualifications
Experience: 6+ years of backend engineering experience working with production-grade systems.
Education: Bachelor’s degree in Computer Science, Engineering, or a related field, or equivalent practical experience.
Kubernetes & Container Mastery: Strong familiarity with the container and Kubernetes ecosystem – you not only know what cert-manager, kyverno, grafana, and istio are, but you've deployed them and can confidently read upstream Helm chart source.
YAML Proficiency: Absolute comfort with YAML as a primary working medium; you think critically about structure, conventions, and patterns.
Container Security Acumen: A solid understanding of container security fundamentals, including non-root users, UID/GID, image layers, multi-arch builds, and supply chain concepts.
Go Language Skills: Sufficient Go ability to confidently read and write test code, even if not building distributed systems from scratch.
Maintainer Mindset: You possess a strong maintainer mindset, taking pride in consistency, actively catching pattern drift, and always considering the downstream impact of your changes.
Open Source Workflow Expertise: Familiarity with GitHub-heavy open source workflows, including PRs, upstream tracking, and monorepo conventions.
Bonus Points if You Have:
Experience as a package maintainer (any Linux distribution, Homebrew, etc.).
Helm chart authorship or significant contribution experience.
Familiarity with software supply chain tooling (Sigstore, SBOM, SLSA).
Experience working within a regulated or security-conscious environment.
Docker considers sponsorship on a case-by-case basis based on business needs.
Why Docker? Perks & Culture
At Docker, we believe in empowering our people as much as we empower developers. Join a remote-first culture that values flexibility, growth, and work-life balance.
Freedom & Flexibility: Fit your work around your life.
Dedicated "Whaleness" Time: Enjoy designated quarterly Whaleness Days plus an end-of-year Whaleness break to recharge.
Comfortable Setup: Comprehensive home office setup support.
Generous Parental Leave: 16 weeks of paid parental leave (after 6 months of employment).
Technology Stipend: Equivalent to $100 USD net/month.
Flexible PTO: A PTO plan that actively encourages you to take time for your passions.
Professional Development: Training stipend for conferences, courses, and classes.
Equity: As a growing startup, all employees share in our success.
Docker Swag: Show off your Docker pride!
Comprehensive Benefits: Medical benefits, retirement plans, and holidays vary by country.
Remote-First: A thriving remote-first culture with physical offices in Seattle and Paris.
Docker embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our company will be.
We use Covey as part of our hiring and/or promotional process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on April 13, 2024.
Please see the independent bias audit report covering our use of Covey here.