
Job Overview
Location: Germany - Munich
Job Type: Full-time
Category: Security Engineer
Date Posted: February 28, 2026
Full Job Description
📋 Description
- As a Senior Application Security Engineer at Loft Labs, you will be the cornerstone of trust and security within our innovative and rapidly expanding technological ecosystem. Your primary mission will be to safeguard the integrity and confidentiality of our flagship product, vCluster, ensuring it remains the undisputed leader in secure Kubernetes multi-tenancy. You will be instrumental in architecting and implementing the robust security standards that empower our customers to confidently deploy high-privileged workloads, free from the anxieties of potential breaches or unauthorized access. This role demands a proactive and deeply strategic approach, weaving comprehensive security measures across our entire codebase, infrastructure, and development lifecycle.
- You will dive deep into the security posture of our core Go-based applications and Kubernetes controllers, meticulously examining the frontend user interface. A critical focus will be placed on preventing privilege escalation within our sophisticated multi-tenant architecture, a key differentiator for vCluster. This involves understanding the intricate interactions between tenants and the underlying infrastructure, and designing controls to maintain strict isolation.
- Leading the charge in proactive risk identification, you will spearhead the threat modeling process for all new features. This includes anticipating and mitigating potential risks associated with shared resources, such as GPU acceleration, and the complexities introduced by multi-cloud environments. Your insights will guide development teams to build security in from the ground up, rather than bolting it on later.
- Embracing the "shift-left" security philosophy, you will continuously integrate and optimize security checks within our Continuous Integration (CI) pipelines and developer workflows. The emphasis will be on ensuring these checks are not only effective but also exceptionally fast, preventing security from becoming a bottleneck to engineering velocity. Furthermore, you will be responsible for managing both automated and manual scanning initiatives across our entire product stack, identifying and addressing potential vulnerabilities before they can be exploited.
- You will take complete ownership of the security vulnerability lifecycle, from initial discovery through to successful remediation. This involves expertly triaging both external and internal vulnerability reports, driving the timely resolution of critical issues across the engineering organization, and maintaining clear, concise communication with all relevant stakeholders, including engineering leadership, product management, and potentially customers.
- In alignment with Loft Labs' culture, you will actively contribute to the ideation and development of new features, with a significant emphasis on security-centric innovations. This includes exploring and implementing solutions for advanced security challenges such as container breakouts, enhanced isolation techniques, and pushing the boundaries of what's achievable in highly constrained and sensitive environments.
- A crucial aspect of your role will be empowering our engineering team through comprehensive developer training. You will translate complex security concepts, emerging attack vectors, and secure coding best practices into accessible and actionable guidance for all engineers, fostering a strong security-aware culture throughout the organization.
- You will collaborate closely with product and engineering teams to ensure security requirements are clearly defined and integrated into the product roadmap. This includes staying abreast of the latest security threats, vulnerabilities, and best practices relevant to cloud-native technologies, Kubernetes, and AI/ML workloads.
- You will contribute to the development and maintenance of security policies, standards, and procedures, ensuring they are practical, effective, and aligned with industry best practices and regulatory requirements.
- You will play a key role in responding to security incidents, coordinating efforts, and conducting post-incident analyses to prevent recurrence and improve our overall security posture.
- Your expertise will be vital in evaluating and recommending security tools and technologies to enhance our security capabilities and streamline our security operations.
- You will be a champion for security best practices, advocating for a security-first mindset across all levels of the organization and fostering a culture of continuous improvement.
🎯 Requirements
- 5+ years of experience in Application Security or Product Security, with a significant focus on containerized environments and cloud-native technologies.
- Deep understanding of Kubernetes architecture, RBAC, network policies, and container runtime security, with specific knowledge of multi-tenancy risks.
- Proficiency in reading and writing Go code, with the ability to perform manual code reviews to identify security vulnerabilities.
- Experience with threat modeling methodologies and vulnerability management processes.
- Familiarity with CI/CD pipelines and integrating security tooling into developer workflows.
- Excellent communication and collaboration skills, with the ability to explain complex security concepts to both technical and non-technical audiences.
🏖️ Benefits
- Competitive salary and equity package.
- Platinum-level health, dental, vision, and life insurance for employees and eligible dependents.
- Flexible working hours and a remote-first work culture.
- Opportunities to work with cutting-edge technologies in AI and multi-cloud infrastructure.
- Contribute to a high-growth, venture-backed startup with a strong open-source foundation.
- Professional development and training opportunities, including support for relevant certifications.
Skills & Technologies
Python
Kubernetes
GitLab
GitHub
Senior
Remote
About Loft Labs, Inc.
Loft Labs created vCluster, an open-source tool that spins up lightweight, virtual Kubernetes clusters inside existing namespaces. By running an isolated control plane within a single namespace, teams gain cluster-like isolation without the cost or overhead of full clusters, enabling safe multi-tenancy, faster CI/CD, and easier development workflows. The company provides enterprise support, a management platform, and add-ons to scale virtual clusters across clouds and on-premises infrastructure.



