Senior Supply Chain Security Engineer

Docker, Inc
5 days ago
Remote
€97,581 - €162,480/yearly
Senior Level

Top Benefits

100% company-paid medical premiums for employees and dependents
Flexible time off policy
Employer-paid holidays

About the role

Who you are

  • 6+ years of backend engineering experience with production-grade systems
  • Bachelor’s degree in Computer Science, Engineering, or a related field, or equivalent practical experience
  • Strong familiarity with the container and Kubernetes ecosystem - you know what cert-manager, kyverno, grafana, and istio are, you've deployed them, and you can read upstream Helm chart source without getting lost
  • Comfort with YAML as a primary working medium - you think carefully about structure, conventions, and patterns
  • Understanding of container security basics - non-root users, UID/GID, image layers, multi-arch builds, supply chain concepts
  • Some Go ability - enough to read and write test code, not to build distributed systems
  • A maintainer mindset - you take pride in consistency, catch drift from patterns, and think about how your change affects others downstream
  • Familiarity with GitHub-heavy open source workflows - PRs, upstream tracking, monorepo conventions
  • Experience as a package maintainer (any Linux distribution, Homebrew, etc.)
  • Helm chart authorship or contribution experience
  • Familiarity with supply chain tooling (Sigstore, SBOM, SLSA)
  • Experience in a regulated or security-conscious environment

What the job involves

  • Docker Hardened Images (DHI) is Docker's catalogue of security-hardened, enterprise-grade container images and Helm charts - built to be minimal, up-to-date, and safe to deploy in regulated and security-conscious environments. We're looking for someone to join the team that makes this possible
  • This is not a traditional software engineering role. You'll spend most of your time working with YAML definition files, upstream OSS projects, and the container and Kubernetes ecosystems - packaging and adapting software rather than building it from scratch
  • If you've ever maintained packages for a Linux distribution, contributed to a Helm chart upstream, or worked as a platform/infrastructure engineer with a strong security lean, this will feel familiar
  • Authoring and maintaining image definition files that track upstream OSS project releases, define build steps, and keep our catalogue current across dozens of images
  • Adapting upstream Helm charts (cert-manager, grafana, mongodb, kyverno, and many more) to work with DHI images - handling security constraints, non-root contexts, and Kubernetes compatibility concerns
  • Tracking upstream version releases and semver patterns across monorepos and standard repos, handling major version breaks and dependency chains
  • Writing Go-based integration tests that validate images and charts behave correctly in real Kubernetes environments
  • Triaging CVEs and contributing to security hardening decisions across images
  • Reviewing peers' definitions and chart PRs against established conventions and catching subtle issues before they reach customers

Benefits

  • 100% company paid medical premiums for employees and dependents
  • Flexible Time Off Policy
  • “Whaleness” Days — At least 1 company wide day off per month
  • Employer Paid Holidays
  • Generous Maternity and Parental Leave
  • Home Office Set Up Budget
  • Monthly Technology Stipend
  • Training Allowances
  • Life and Disability Insurance
  • Retirement Plans
  • Virtual and In-Person Social Events
  • Docker Swag
  • Quarterly Hackathons
  • Virtual Coffee with Co-Workers

About Docker, Inc

Software Development