Open Society Foundations

Security Engineer

full-time

Location Type: Remote

Location: Anywhere in Europe


Salary

💰 €58,000 - €78,000 per year

About the role

  • Own security issue intake and coordination by triaging reports submitted via our established channels (including private reports through GitHub Security Advisories and our security contact process), reproducing issues where needed, coordinating fixes with maintainers, and ensuring responsible disclosure practices.
  • Drive timely remediation by tracking SLAs, communicating status with reporters and internal stakeholders, and coordinating releases and backports when required.
  • Harden our CI/CD and release workflows by improving build pipeline security, secrets management, artifact integrity, and access controls; and by reducing exposure to supply chain attacks.
  • Strengthen supply chain defenses by improving dependency and artifact verification, provenance, signing, and monitoring; and by hardening the paths through which third-party code and integrations enter the ecosystem.
  • Build preventive security practices by introducing and continuously improving security testing and scanning in our engineering workflows; including SAST/DAST where appropriate, dependency and artifact scanning, and CI/workflow static analysis.
  • Coordinate external security work by scoping and managing third-party audits, pentests, and targeted reviews; and by ensuring findings are remediated effectively.
  • Create and maintain security processes and documentation that are clear, repeatable, and community-friendly, including runbooks for incident response and disclosure.
  • Collaborate with the community by supporting maintainers and contributors with guidance, reviewing security-relevant pull requests, and helping raise security awareness across the project.

Requirements

  • 5+ years preferred, or 3+ years with strong, demonstrated ownership in vulnerability management and CI/CD / supply-chain security.
  • Demonstrated experience triaging and coordinating vulnerability reports (e.g., CVEs, responsible disclosure workflows) and driving remediation across multiple stakeholders.
  • Strong understanding of software supply chain security (dependencies, build systems, artifacts, signing, provenance, CI/CD hardening).
  • Experience securing CI/CD pipelines (e.g., GitHub Actions), including secrets management, permissions, token scopes, and isolation.
  • Practical knowledge of secure software development practices and ability to perform risk assessments and security reviews.
  • Ability to work independently, with strong problem-solving skills and attention to detail.
  • Extensive proficiency with Git and GitHub workflows (pull requests, reviews, merging, etc.).
  • Professional fluency in English, with excellent written and verbal communication skills.
  • European residency: you must currently be based in Europe and eligible to work within it.

Benefits
  • Five weeks (twenty-five days) of paid time off.
  • Fourteen days of paid sick leave if your country/laws treat them as unpaid.
  • Six weeks of paid and six weeks of unpaid parental leave to be used in the first year after birth. We will provide the missing days if your country/laws do not provide such compensation.
  • A budget for your work hardware once you start.
  • A 50% contribution to your internet connection fee at your home workspace.
  • If you are currently working on Home Assistant-related side projects, you can spend work time maintaining them.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
vulnerability management, CI/CD security, supply chain security, security testing, SAST, DAST, dependency scanning, artifact scanning, risk assessments, security reviews
Soft Skills
problem-solving, attention to detail, independent work, communication, collaboration