Docker has been one of the most loved brands in developer tooling, trusted by more than 20 million monthly users and over 20 billion container image pulls. From solo founders to the world's largest companies, developers rely on Docker to build, share, and run their applications across our suite of products including Docker Desktop, Docker Hub, and Docker Scout. 

 We are a globally distributed, remote-first team building the tools that define how software gets built and delivered. As AI agents redefine software development, Docker is at the center of that shift, providing the sandboxed environments, verified images, and secure infrastructure that make autonomous workflows trustworthy by default.

As a Senior Security Engineer embedded in the Desktop engineering team, you will own the security posture of a complex, cross-platform product that sits at the intersection of identity, OCI runtimes, and Linux kernel internals. You will be the team's primary security voice, reviewing features and code before they ship, partnering with our central security organization, and serving as the first line of triage for reported vulnerabilities.

This is a hands-on engineering role for someone who thinks in threat models and communicates clearly with both product engineers and security specialists alike.

Responsibilities:

• Partner with engineering and product teams throughout the development lifecycle to identify security risks early, from design review through code review and release.
• Conduct threat modeling and security design reviews for new and evolving product features, with particular focus on authentication, authorization, and container runtime security.
• Serve as the team's primary liaison to the organization's security group, attending security syncs, relaying guidance, and translating central policy into practical engineering decisions.
• Act as the first point of contact for incoming vulnerability reports and CVEs: validate severity, reproduce issues, coordinate disclosure timelines, and drive remediation with the relevant engineers.
• Review Go code with a security mindset, identifying classes of issues such as privilege escalation, insecure defaults, injection risks, and improper credential handling.
• Contribute security-focused improvements directly to the codebase where appropriate.
• Develop and maintain internal security documentation, guidelines, and runbooks for the team.
• Stay current on the Linux security landscape as it pertains to containers: namespaces, cgroups, seccomp, AppArmor, capabilities, and the evolving OCI ecosystem.

Qualifications:

• 6+ years of experience in security engineering, application security, or a closely related discipline, with a track record at senior or staff level.
• Strong proficiency in Go, with the ability to review and contribute to production-grade code.
• Deep understanding of Linux fundamentals relevant to container security: namespaces, cgroups, capabilities, seccomp profiles, AppArmor/SELinux, rootless containers, and privilege boundaries.
• Solid grasp of OCI specifications and container runtime security (e.g. runc, containerd, BuildKit).
• Hands-on experience with identity and access management concepts: OAuth 2.0, OIDC, token handling, and auth flows in desktop or cloud-adjacent contexts.
• Experience performing security design reviews, threat modeling, and participating in secure development workflows.
• Familiarity with vulnerability management processes: CVE triage, CVSS scoring, coordinated disclosure, and working with external reporters.
• Strong written and verbal communication skills; comfortable bridging the gap between a dedicated security team and a product engineering team.

What to Expect

First 30 Days

You will onboard into the team and get hands-on with the Docker Desktop codebase, architecture, and development workflow. You will meet your counterparts in the central security organization and learn how vulnerability reports are currently handled. The goal is to listen, ask questions, and build a clear picture of the product's current security posture, not to change anything yet.

First 90 Days

You will be an active participant in design and code reviews, bringing a security lens to features in flight. You will have taken ownership of the vulnerability intake process, handling your first end-to-end triage cycles with minimal guidance. You will have a working relationship with the engineers on the team and a growing sense of where the most meaningful security investments should be made.

One Year Outlook (First Year)

You will be the team's trusted authority on product security. You will have driven meaningful improvements to how the team approaches security across the development lifecycle, whether that's better threat modeling practices, improved auth flows, stronger container isolation defaults, or reduced time-to-remediation for reported issues. you will be a known presence in the broader security organization, and your work will be directly visible in the security and resilience of a product used by millions of developers every day.

Docker considers sponsorship on a case-by-case basis based on business needs.

We use Covey as part of our hiring and / or promotional process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on April 13, 2024.

Please see the independent bias audit report covering our use of Covey here .

Perks

• Freedom & flexibility; fit your work around your life
• Designated quarterly Whaleness Days plus end of year Whaleness break
• Home office setup; we want you comfortable while you work
• 16 weeks of paid Parental leave
• Technology stipend equivalent to $100 net/month
• PTO plan that encourages you to take time to do the things you enjoy
• Training stipend for conferences, courses and classes
• Equity; we are a growing start-up and want all employees to have a share in the success of the company
• Docker Swag
• Medical benefits, retirement and holidays vary by country
• Remote-first culture, with offices in Seattle and Paris

Docker embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our company will be.

#LI-REMOTE