About Triam Security:
Triam Security is revolutionizing software supply chain security through our advanced vulnerability database platform and CleanStart product line. We provide hardened, vulnerability-free container images with built-in security, compliance, and performance benefits. Our mission is to transform container security by eliminating pre-existing vulnerabilities and providing full visibility and control over the software supply chain.
Role Overview:
We are seeking an experienced Senior Container Security & Quality Assurance Engineer to join our dynamic team. The successful candidate will establish comprehensive testing methodologies for security-hardened, minimal container images across enterprise environments. This role demands deep expertise in container technology, software composition analysis, and automated security validation, with a focus on developing testing frameworks that ensure our container images meet the highest standards of security, compliance, and performance.
Key Responsibilities
- Container Image Security Validation
  - Design and execute comprehensive security testing strategies for minimal, security-hardened container images
  - Implement automated security scanning and validation processes integrated with CI/CD pipelines
  - Develop specialized tests for container image composition and dependency structures
  - Create and maintain security benchmark testing frameworks aligned with industry standards
- Compliance & Certification Testing
  - Establish testing methodologies for CIS benchmark compliance validation
  - Develop and implement FIPS compliance testing frameworks for cryptographic modules
  - Design and execute tests for industry-specific regulatory compliance requirements
  - Validate container images against enterprise security policies and standards
- Software Composition & Supply Chain Validation
  - Implement SBOM (Software Bill of Materials) generation and validation testing
  - Develop automated verification systems for image provenance and attestation
  - Create testing frameworks for container image signature verification
  - Design reproducibility and deterministic build validation tests
- Platform & Architecture Testing
  - Develop cross-platform testing for multi-architecture container images (AMD64, ARM64)
  - Implement automated validation for specialized OS variants (Alpine Linux, Ubuntu, etc.)
  - Design tests for musl vs. glibc variants and their respective behaviors
  - Create performance benchmarking frameworks for container images
- Advanced Testing Frameworks
  - Architect automated test suites for continuous validation of container images
  - Implement dependency tree analysis and vulnerability correlation
  - Design dynamic analysis frameworks for runtime behavior validation
  - Develop integration testing for container images in orchestrated environments
Requirements
- Technical Expertise
  - 4-5 years of professional experience in container security and quality assurance
  - Demonstrated expertise in container technologies, OCI specifications, and Docker ecosystems
  - Proven experience developing automated testing frameworks for container images
  - Strong understanding of container image security principles and hardening techniques
- Security Knowledge
  - Comprehensive knowledge of container vulnerability assessment and mitigation strategies
  - Experience with industry-standard container scanning tools and security frameworks
  - Understanding of cryptographic security principles and implementation validation
  - Familiarity with secure supply chain concepts and implementation approaches
- Development & Automation Skills
  - Proficiency in scripting and programming languages for test automation (Python, Go, Bash)
  - Experience integrating testing frameworks with CI/CD pipelines
  - Knowledge of infrastructure-as-code and testing methodologies
  - Ability to develop scalable, maintainable testing solutions
- Technical Understanding
  - Demonstrated knowledge of container image construction, layers, and filesystem principles
  - Understanding of compilation stages and their impact on container security
  - Familiarity with static and dynamic linking in containerized environments
  - Knowledge of container registry security and distribution mechanisms
Preferred Qualifications
- Advanced Experience
  - Experience developing testing frameworks for minimal, security-focused container images
  - Knowledge of air-gapped deployment validation and testing
  - Experience with CT0-CT1 compilation stage validation
  - Background in secure software development lifecycle implementation
- Specialized Knowledge
  - Familiarity with container image signing, attestation, and verification frameworks
  - Experience with SLSA (Supply-chain Levels for Software Artifacts) or similar frameworks
  - Knowledge of advanced container build tools and methodologies
  - Experience testing containers in enterprise production environments
- Industry Recognition
  - Relevant security certifications (CISSP, CSSLP, CEH, etc.)
  - Contributions to open-source security projects or container technology communities
  - Experience presenting or publishing on container security topics
  - Participation in security research related to container technologies