Senior Product Security Engineer, Secure Design (Kernel and Virtualization)
This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Senior Product Security Engineer, Secure Design (Kernel and Virtualization) based in the United States.
This is a high-impact security engineering role focused on protecting and evolving the security posture of large-scale virtualization infrastructure. You will work at the intersection of kernel security, hypervisor technologies, and cloud systems to identify and mitigate complex threats across the stack. The role involves building structured threat models, defining security risk frameworks, and translating deep technical findings into actionable engineering decisions. You will partner closely with infrastructure, kernel, and platform engineering teams to design and implement defense-in-depth strategies. Operating in a highly collaborative environment, you will influence architecture decisions early in the development lifecycle. This position is ideal for a systems-minded security expert who thrives in deep technical problem-solving and cross-functional collaboration.
Accountabilities:
- Develop and maintain structured threat models for virtualization stack components, including hypervisors, kernel interfaces, and supporting infrastructure.
- Identify security risks across system architecture and propose practical, defense-in-depth mitigation strategies.
- Collaborate with kernel, virtualization (e.g., QEMU/KVM), and platform engineering teams to implement security improvements.
- Evaluate trade-offs between performance, functionality, and security to guide architectural decisions.
- Build frameworks, rubrics, and documentation to standardize how security risk is assessed and communicated.
- Partner with engineering teams to remediate vulnerabilities and integrate security into development workflows.
- Contribute to vulnerability management and ensure security findings are tracked and resolved effectively.
- Mentor engineers and promote secure coding and design practices across teams.
- Communicate complex vulnerability classes and system-level risks in a clear, actionable manner for technical and non-technical stakeholders.
- 5+ years of experience in systems engineering, product security, or similar roles involving low-level software.
- Strong understanding of kernel security mechanisms (e.g., SELinux, AppArmor, Landlock or equivalents).
- Hands-on experience with virtualization technologies such as QEMU, KVM, or similar hypervisor environments.
- Proven ability to model system-level threats and design mitigations for complex distributed systems.
- Experience assessing performance vs. security trade-offs in system-level or infrastructure code.
- Strong background in vulnerability analysis (e.g., privilege escalation, memory corruption, TOCTOU).
- Ability to collaborate effectively with engineering teams in a partnership-driven, non-adversarial security model.
- Excellent communication skills with the ability to translate technical security risks into actionable engineering guidance.
- Familiarity with modern development practices including CI/CD, containers, and virtualized environments.
- Preferred: experience with hardware side-channel mitigations, embedded systems, or programming in Go, Rust, or C.
- Competitive base salary (estimated range: $140,000–$175,000 USD, depending on experience and location)
- Equity compensation and potential performance-based bonus eligibility
- Remote-first flexibility with distributed team collaboration
- Comprehensive health, dental, and vision insurance coverage
- Flexible time off and employee assistance support programs
- Learning and development support, including training, courses, and conference reimbursement
- Equity and employee stock purchase participation opportunities (where applicable)
- Inclusive and growth-oriented engineering culture focused on innovation and impact.
Own and drive the secure design and threat modeling strategy for large-scale virtualization and kernel-based infrastructure, ensuring robust protection against evolving attack surfaces.
Requirements:
Experienced systems security engineer with deep expertise in kernel-level technologies, virtualization security, and secure architecture design, combined with strong collaboration and communication skills.