Open Source Security Software Engineer

Summary

Join the Eclipse Foundation's Security Team and play a pivotal role in securing open source software supply chains globally. You will develop cutting-edge security solutions, foster trusted relationships, and lead community initiatives to promote proactive security. Key responsibilities include developing innovative security tools, automating security best practices, monitoring progress and reporting, engaging with the community, and providing leadership and collaboration. The ideal candidate possesses remote work experience, strong technical skills (proficiency in at least one programming language), CI/CD knowledge, open source passion, and a collaborative mindset. The Eclipse Foundation offers a competitive compensation package and comprehensive benefits. The position is fully remote and open to candidates in Europe, Canada, and the US.

Requirements

• Remote Work Experience : Proven ability to excel independently and collaboratively in a remote-first work environment
• Strong Technical Skills : Proficiency in at least one programming language (Java, Python, JavaScript, Go, or Rust) and eagerness to expand your technical expertise
• CI/CD Knowledge : Hands-on experience with CI/CD workflows, such as GitHub Actions, GitLab CI/CD, or Jenkins
• Open Source Passion : Demonstrated commitment to contributing to or actively participating in open source communities
• Collaborative Mindset : Good communication skills with a proven ability to clearly articulate complex security concepts and effectively collaborate with diverse teams

Responsibilities

• Develop Innovative Security Tools: Design and build advanced solutions to strengthen open source software supply chains, leveraging platforms like GitHub and GitLab for effective automation and management
• Automate Security Best Practices: Streamline security processes through automation to ensure consistent application of best practices across various projects
• Progress Monitoring & Reporting: Create and manage a public dashboard to transparently track and communicate ongoing security improvements to the community
• Community Engagement: Generate insightful technical content, lead discussions, and inspire best practices, actively engaging and influencing the global developer community
• Leadership & Collaboration: Act as a security advocate, sharing knowledge, guiding teams, and nurturing collaborative relationships across diverse open source communities

Preferred Qualifications

• Experience or knowledge in one or more of these areas will give you an edge: Generating Software Bill of Materials (SBOMs) using CycloneDX or SPDX
• Managing or utilizing Dependency-Track
• GitHub administration and API integrations
• Vulnerability management (security incident response perspective)
• Conducting project audits or security reviews

Benefits

• Innovative Environment : Be part of a culture that encourages bold ideas, creative problem-solving, and collaboration
• Continuous Growth : Access professional development opportunities and stay at the forefront of evolving technologies and security practices
• Global Impact: Directly influence the security posture of open source software relied upon by millions around the world
• We offer highly competitive compensation along with a comprehensive benefits package