Senior DevSecOps Engineer - Build (New Images)
Location: Ahmedabad

Department: Engineering

Experience: 5+ years

About CleanStart:

CleanStart is revolutionizing software supply chain security through our advanced
vulnerability database platform and CleanStart product line. We provide hardened,
vulnerability-free container images with built-in security, compliance, and performance
benefits. Our mission is to transform container security by eliminating pre-existing
vulnerabilities and providing full visibility and control over the software supply chain.

Role Overview:

As a Senior DevSecOps Engineer on our Build team, you will lead the implementation and
automation of build processes for new CleanStart container images. You will transform
image designs into production-ready, hardened containers, implement secure build
pipelines, and ensure the integrity of our supply chain. Your expertise will be crucial in
delivering container images that are secure-by-default, performance-optimized, and free of
vulnerabilities.

Key Responsibilities:

  • Implement and maintain secure build pipelines for new container images
  • Develop automation for reproducible and verifiable container builds
  • Create infrastructure as code for build environments and CI/CD pipelines
  • Implement cryptographic signing and verification of build artifacts
  • Establish build tools and processes that ensure supply chain integrity
  • Collaborate with Design teams to implement image specifications
  • Develop strategies for validating zero-vulnerability status in builds
  • Mentor junior engineers on secure build practices
  • Contribute to build process documentation and standards
  • Implement SBOM generation and attestation during the build process

Required Qualifications:

  • 5+ years of experience in DevOps, CI/CD, or build engineering
  • Strong understanding of container build technologies (Docker, Buildah, etc.)
  • Experience with infrastructure as code and configuration management
  • Proficiency in scripting and automation (Bash, Python, Go, etc.)
  • Knowledge of software supply chain security and build integrity
  • Experience with CI/CD systems (Jenkins, GitHub Actions, Cloud Build, etc.)
  • Understanding of cryptographic signing and verification concepts
  • Strong problem-solving and implementation skills
  • Excellent communication and collaboration abilities

Preferred Qualifications:

  • Experience with in-toto, Sigstore, or other supply chain security tools
  • Knowledge of SLSA framework implementation
  • Familiarity with container image hardening techniques
  • Experience with GCP or other cloud build environments
  • Background in security engineering or secure DevOps
  • Understanding of compliance frameworks (FIPS, NIST, etc.)
  • Experience with vulnerability scanning and remediation in build pipelines
  • Contributions to DevSecOps or container security open-source projects
