This job was posted more than 40 days ago and might be expired.
RapidFort, Inc. logo

Senior Linux Distribution Engineer — Software Supply Chain Security

Posted about 2 months ago

RemoteRemoteSE150k - 200k USD
Senior Linux Distribution Engineer — Software Supply Chain Security
About the Role

We are looking for a deeply technical Linux Distribution Engineer to build, maintain, and secure Linux package ecosystems and hardened container images across modern cloud-native platforms.

This role sits at the intersection of Linux distributions, package management, and software supply chain security. You will own the lifecycle of identifying vulnerabilities, validating fixes, rebuilding or backporting packages across distribution branches, maintaining trusted package repositories, and ensuring secure software delivery at scale.

You will work across multiple Linux distribution ecosystems to build, maintain, secure, and deliver production-ready packages and container images tailored to customer environments. The role requires deep expertise in Linux packaging, dependency management, repository management, compatibility validation, and automated software delivery at scale.

This is a hands-on engineering role focused on Linux internals, package systems, dependency management, build pipelines, repository management, and automation — not simply vulnerability scanning or policy compliance.

You will collaborate closely with platform engineering, infrastructure, DevOps, release engineering, and security teams to improve how software is built, validated, secured, and distributed across containerized environments.

What You’ll Do
  • Own end-to-end vulnerability remediation across Linux package ecosystems and container images.
  • Analyze CVEs affecting OS packages, runtimes, libraries, and transitive dependencies across multiple Linux distributions.
  • Validate upstream fixes, evaluate patch applicability, and determine appropriate remediation strategies.
  • Rebuild, backport, patch, curate, sign, and publish packages across multiple Linux distribution branches.
  • Maintain and manage trusted package repositories across diverse Linux ecosystems.
  • Resolve complex dependency, compatibility, and ABI issues across distributions and package versions.
  • Ensure package and image updates do not break customer environments, builds, or runtime compatibility.
  • Design and scale automated pipelines for package rebuilding, validation, remediation, signing, publishing, and image generation.
  • Integrate package validation, repository management, and remediation workflows into pipelines.
  • Generate and maintain SBOMs, package metadata, provenance data, and trusted software artifacts.
  • Improve image performance, package footprint, startup efficiency, and operational reliability.
  • Research emerging threats and best practices in Linux distributions, containers, Kubernetes, and software supply chain security.
What You Bring
  • 5+ years of experience in Linux systems engineering, Linux distribution engineering, platform engineering, DevSecOps, release engineering, or SRE.
  • Deep expertise in Linux distributions and package ecosystems.
  • Strong experience with Linux package build systems and tooling including rpmbuild, dpkg-buildpackage, APKBUILD/abuild, and associated repository and release tooling.
  • Strong hands-on experience with Linux package managers including dpkg/apt, rpm/yum/dnf, apk, and associated repository tooling.
  • Proven experience rebuilding, patching, backporting, maintaining, or publishing Linux packages across distribution versions.
  • Strong understanding of package repositories, dependency resolution, ABI compatibility, package signing, and release workflows.
  • Experience identifying and remediating vulnerabilities within Linux packages and containerized environments.
  • Deep understanding of container internals, Linux, namespaces, and runtime behavior.
  • Strong scripting or programming skills in Bash, C/C++, Python, Go, and other languages.
  • Experience building CI/CD automation for package validation, remediation, release, and repository management workflows.
  • Familiarity with software supply chain security concepts including SBOMs, provenance, signing, and artifact trust.
  • Strong troubleshooting skills across Linux systems, package ecosystems, dependency graphs, and build pipelines.
Nice to Have
  • Experience maintaining or contributing to Linux distributions or open source package ecosystems.
  • Experience with package build infrastructure such as mock, Koji, OBS, Launchpad, or similar systems.
  • Experience building minimal, distroless, or hardened container images.
  • Familiarity with SBOM tooling and standards.
  • Familiarity with SLSA, reproducible builds, or software supply chain security frameworks.
  • Contributions to open source infrastructure, Linux packaging, or container ecosystem projects.
What Success Looks Like
  • Fast and reliable remediation of vulnerabilities across supported Linux distributions.
  • Stable and trusted package update pipelines that avoid breaking customer builds and runtime environments.
  • Automated and scalable systems for package rebuilding, validation, signing, publishing, and remediation.
  • Significant reduction in image attack surface, package sprawl, and operational overhead.
  • Repeatable standards and tooling for trusted software delivery across Linux and container ecosystems.

Compensation: This Senior Linux Distribution Engineer — Software Supply Chain Security role offers a base salary range of $150,000–$200,000, depending on experience, along with a competitive benefits package including healthcare, PTO, and equity participation. Total compensation is designed to reflect the deep technical nature of the role and its impact on securing Linux distributions, package ecosystems, and software supply chain integrity at scale.

Job details
Workplace
Remote
Location
Remote
Experience
SE
Salary
150k - 200k USD
per year
RapidFort, Inc. logo
RapidFort, Inc.
View company page

RapidFort eliminate up to 99.9% of container CVEs with 25,000+ Near-Zero CVE Images and automated hardening. No code changes or pipeline modifications needed.

Employees
111
Industry
Computer and Network Security
Headquarters
Sunnyvale, California
Founded
2020
Specialties
Near Zero CVE Images, Software Attack Surface Management, RBOM, RF Justification for POAMs, Integrated CIS / STIG Benchmarks, Vulnerability Remediation, Software Supply Chain Security, and Open Source Container Image Hardening

Key team members

Andy Chou

Andy Chou

Avery Lyford

Avery Lyford

Tracy Timpson Toschi

Tracy Timpson Toschi

Ben de Waal

Ben de Waal

Apply smarter with Jobr

Jobr aggregates jobs directly from company career portals — no middlemen. Our team applies on your behalf with AI-tailored resumes, reviewed by a human before submission.

Direct from company career pages
AI-personalised cover letters
Human review before every submit
Application tracking & follow-ups