The role, in nutshell:
As a Staff Engineer on Chainguard’s Libraries team, you will drive the technical strategy and implementation for our JavaScript ecosystem infrastructure, focusing on secure, reliable, and automated build systems for npm packages and related tooling. This is an infrastructure-centric position -- you will work on systems and developer tooling used by thousands of engineers, rather than frontend development. Your expertise will help expand and maintain Chainguard’s coverage over mission-critical JS libraries, advance our build automation, and improve vulnerability remediation workflows across the npm package ecosystem.
What you’ll do:
Own technical direction and architecture for JS (npm) ecosystem infrastructure, supporting high-quality and secure build, test, and distribution automation for libraries
Design, implement, and optimize systems for automated artifact creation, update, validation, vulnerability scanning, remediation, and SBOM and provenance generation for npm packages
Build and maintain internal developer tools: bundler plugins, CLI utilities, code generators, and meta-tooling that improve the workflows for library and package maintenance
Develop and debug integrations for modern JS build systems and package managers.
Solve complex dependency resolution issues, manage monorepo orchestration, and drive improvements in infrastructure automation
Collaborate with product and engineering leadership to set technical direction, drive roadmap execution, and establish process excellence for scalable package maintenance
Mentor, review, and enable other engineers by sharing systems knowledge, debugging strategies, and "meta" tooling insights
Partner with internal teams (Delivery, Sustaining, Platform, Security) to ensure our JavaScript ecosystem services meet critical SLAs and SLOs
What we’re looking for:
8+ years building and maintaining infrastructure for JavaScript/TypeScript package ecosystems (npm) or large-scale open-source projects in a similar domain
Proven record in building, shipping, and maintaining developer tools – e.g., bundler plugins, CLI tools, code generators, or custom automation pipelines for JS packages
Deep familiarity with modern JS build tooling: esbuild, Rollup, Webpack, Vite, Bun, SWC, Turbopack, Babel, PostCSS, Rome/Biome, Deno, and the associated tradeoffs between ESM/CJS/modules
Hands-on experience orchestrating large monorepos (Lerna, Nx, Turborepo or custom setups) and solving infra-scale dependency or module resolution problems in production
Comfortable working with build system code written in Go (our infra is Go-based), plus solid experience in JavaScript/TypeScript. Other language ecosystems are a strong plus.
Demonstrated ability to debug and resolve critical infrastructure and package-building failures at scale
Experience with cloud-native technologies and infrastructure, including containerization (e.g., Docker, Kubernetes), cloud services (e.g., GCP, AWS), infrastructure as code practices (e.g., Terraform).
Excellent cross-team communication skills: can collaborate with product, engineering, ops, and security teams; proactively document, mentor, and share lessons learned
Nice to Haves
Active contributor to the open source JavaScript ecosystem tooling community
Experience at building and distributing software at scale
About Us
Chainguard is the secure foundation for software development and deployment. By providing guarded open source software, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains.
Founded by the industry's leading experts on open source software, security and cloud native development, Chainguard has built the largest library of open source software that is secure by default.
Chainguard’s mission is to be the safe source for open source.
We live and breathe our company values:
We are customer obsessed - We focus on delivering solutions to our customers that create value and make their lives better.
We have a bias for intentional action - We prioritize, plan, try things, and fail fast.
We don’t take ourselves too seriously (but we do serious work) - We are solving an important problem which takes focus, but we also like to enjoy the journey.
We trust each other and assume good intentions - We’re transparent with decisions to empower team members to make well informed decisions.
A few of the benefits we offer:
- Flexible & Remote-First Culture: Work remotely with team meetup opportunities, bi-annual destination summits, and a monthly stipend for coworking spaces, phone and internet costs.
- Our Approach to Equity: Receive stock options upon hire and promotion. Plus, you can participate in secondary offerings and have 10 years to exercise your options (yes, you read that correctly: 10 years!).
- 100% Covered Health Insurance: We cover 100% of your health, vision and dental insurance premiums for you and your dependents. Nothing comes out of your paycheck.
- ∞ Flexible Time Off: Take the time you need – to do our best work, we need to recharge and reset.
- 18 Weeks Paid Parental Leave: We offer 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the option to use it all at once or throughout your child's first year.
If your experience is close but doesn’t fulfill all requirements, please apply. We’re building the best team in technology and are focused on hiring “Chainguardians'' with unique backgrounds, perspectives, and experiences.
Chainguard is an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.
By submitting your application, you acknowledge that Chainguard will process your personal data in accordance with Chainguard’s Privacy Policy.
©2025 Chainguard. All Rights Reserved.
Top Skills
What We Do
Chainguard is the secure foundation for building with open source software. The company's portfolio of secure, minimal container images helps organizations embrace a new culture of software development where starting left with security, not shifting left, is the reality. Chainguard was founded by the industry's leading experts on software supply chain security, open source, software, and cloud-native development. We aren't a traditional security vendor. It's container images provide secure-by-default infrastructure that introduces zero friction to developer workflows. That's why developers love and CISOS trust Chainguard.
Its customers include Fortune 500 enterprises and leading technology and security companies, including Anduril, Canva, Domino Data Lab, Checkmarx, HPE, GitLab, Snowflake, and Wiz. Chainguard is venture-backed by leading investors, including Amplify, IVP, Lightspeed Venture Partners, Redpoint Ventures, Sequoia, and Spark Capital.
Why Work With Us
Security is our mission, but having fun is our mantra. Since our founding, we've increased +1M memes, sung 900+ hours of Kubernetes-themed karaoke, and created 774+ whacky Slack emojis. Beyond this, Chainguard's innovation and leadership in open source and software supply chain security has been recognized by industry leaders.
Gallery
.png)
