Staff Software Engineer (Libraries Platform)

<h1><span style="font-size: 10pt;">Staff Software Engineer, (Libraries Platform)</span></h1> <h2><span style="font-size: 10pt;">The role: </span></h2> <p><span style="font-size: 10pt;">At Chainguard, we think the best platform work is invisible: the libraries just appear, the builds just work, and the CVEs quietly regret their life choices.</span></p> <p><span style="font-size: 10pt;">Chainguard’s Libraries organization is building the secure, reliable factory that continuously builds, verifies, and serves open‑source libraries to our customers and internal teams across multiple ecosystems. You’ll join as a Staff Software Engineer on the Libraries Platform team, leading the architecture and implementation of the platform that powers this factory: the services, APIs, and automation that make our libraries reproducible, trustworthy, and always up to date.</span></p> <p><span style="font-size: 10pt;">This is an infrastructure‑centric, platform role. You’ll work on shared services, build and packaging pipelines, and a package index that serves external customers and internal ecosystem teams. You’ll help invent and operate the platform that:</span></p> <ul> <li style="font-size: 10pt;"><span style="font-size: 10pt;">Serves packages to customers at scale</span></li> <li style="font-size: 10pt;"><span style="font-size: 10pt;">Automates CVE remediation and verification workflows</span></li> <li style="font-size: 10pt;"><span style="font-size: 10pt;">Powers AI‑driven package builds</span></li> <li style="font-size: 10pt;"><span style="font-size: 10pt;">Provides shared services across language ecosystems (Java, JavaScript, Python/AI/ML and beyond)</span></li> </ul> <h2><span style="font-size: 10pt;">What you’ll do:</span></h2> <ul> <li style="font-size: 10pt;"><span style="font-size: 10pt;">Own the architecture and technical direction for the Libraries Platform: the services, pipelines, and package index that power secure, reproducible build, test, and distribution workflows for libraries across multiple ecosystems (Java, JavaScript, Python/AI/ML).</span></li> <li style="font-size: 10pt;"><span style="font-size: 10pt;">Design and maintain automation for artifact creation, updates, and verification, including vulnerability scanning, remediation workflows, SBOM and provenance generation, and policy enforcement across our library catalog.</span></li> <li style="font-size: 10pt;"><span style="font-size: 10pt;">Build and operate shared platform services such as package indexes, registry mirrors, metadata services, and orchestration tooling that serve both external customers and internal ecosystem teams.</span></li> <li style="font-size: 10pt;"><span style="font-size: 10pt;">Develop internal developer tools and CLIs (often in Go) that improve how we build, test, and ship libraries at scale, including integration with build systems and CI/CD for multiple ecosystems.</span></li> <li style="font-size: 10pt;"><span style="font-size: 10pt;">Drive reliability, scalability, and observability for the Libraries platform: define SLOs, build monitoring and alerting, and lead incident response and post‑incident improvements.</span></li> <li style="font-size: 10pt;"><span style="font-size: 10pt;">Solve complex dependency and build issues in production environments, from toolchain and compiler problems to CI/CD flakiness and registry/package index edge cases.</span></li> <li style="font-size: 10pt;"><span style="font-size: 10pt;">Partner closely with ecosystem teams (Java, JavaScript, Python/AI/ML), Platform, Delivery, Sustaining, and Security to ensure the platform meets reliability, security, and product requirements.</span></li> <li style="font-size: 10pt;"><span style="font-size: 10pt;">Mentor and unblock other engineers through design reviews, documentation, and hands‑on debugging, helping to “code culture” into how we build and run our libraries platform.</span></li> </ul> <h2><span style="font-size: 10pt;">What we’re looking for:</span></h2> <ul> <l ... (truncated, view full listing at source)