Security Engineer
职责包括红队活动:执行Web和移动(iOS、Android、Windows和Mac)应用程序的渗透测试,负责漏洞管理生命周期从识别、修复到报告,主动监控和检测组织内的运营安全风险,对安全事件和技术工具进行技术调查,直接与用户在售前和支持期间沟通安全问题。
加载中...
The Open Home Foundation is looking for a Security Engineer to join our Home Assistant team. This role focuses on keeping Home Assistant and its ecosystem secure by owning the intake and coordination of reported security issues, strengthening our CI/CD and release security, and proactively reducing risk through audits, testing, and security improvements. You will work closely with engineering, and the broader open-source community to improve our security posture across code, build pipelines, dependencies, and releases. What You Are Going To Do: Own security issue intake and coordination by triaging reports submitted via our established channels (including private reports through GitHub Security Advisories and our security contact process), reproducing issues where needed, coordinating fixes with maintainers, and ensuring responsible disclosure practices. Drive timely remediation by tracking SLAs, communicating status with reporters and internal stakeholders, and coordinating releases and backports when required. Harden our CI/CD and release workflows by improving build pipeline security, secrets management, artifact integrity, and access controls; and by reducing exposure to supply chain attacks. Strengthen supply chain defenses by improving dependency and artifact verification, provenance, signing, and monitoring; and by hardening the paths through which third-party code and integrations enter the ecosystem. Build preventive security practices by introducing and continuously improving security testing and scanning in our engineering workflows; including SAST/DAST where appropriate, dependency and artifact scanning, and CI/workflow static analysis. Coordinate external security work by scoping and managing third-party audits, pentests, and targeted reviews; and by ensuring findings are remediated effectively. Create and maintain security processes and documentation that are clear, repeatable, and community-friendly, including runbooks for incident response and disclosure. Collaborate with the community by supporting maintainers and contributors with guidance, reviewing security-relevant pull requests, and helping raise security awareness across the project. What You Need To Have: 5+ years preferred, or 3+ years with strong, demonstrated ownership in vulnerability management and CI/CD / supply-chain security. Demonstrated experience triaging and coordinating vulnerability reports (e.g., CVEs, responsible disclosure workflows) and driving remediation across multiple stakeholders. Strong understanding of software supply chain security (dependencies, build systems, artifacts, signing, provenance, CI/CD hardening). Experience securing CI/CD pipelines (e.g., GitHub Actions), including secrets management, permissions, token scopes, and isolation. Practical knowledge of secure software development practices and ability to perform risk assessments and security reviews. Ability to work independently, with strong problem-solving skills and attention to detail. Extensive proficiency with Git and GitHub workflows (pull requests, reviews, merging, etc.). Professional fluency in English, excellent written and verbal communication skills in English. European residency, you must be currently based in Europe and eligible to work within it. It would be great if you also have: Experience with Python ecosystems and packaging (pip, PyPI), dependency management, and common security tooling. Familiarity with SBOMs, SLSA, signing and attestations (e.g., Sigstore/cosign), and reproducible builds. Experience with incident response and post-incident reviews. Prior contributions to Home Assistant or other open-source projects. Experience working with IoT / smart home software and threat models. Experience improving security testing and integrating checks into developer workflows. Affinity for the open-source philosophy and community-driven development. A passionate Home Assistant user, or a strong interest in smart home technology and automation. What we offer You: The Open Home Foundation is a fully remote organization that uses an Employer of Record to employ people from all over the world. You will be a normal salaried employee in your country. This is a full-time position for 40 hours per week. Because we are a fully remote company, there is no fixed schedule. For the purpose of team communication, we do try to ensure at least 3 hours of overlap in the workday. You will report to the Home Assistant Lead, who is based in the Netherlands. Core to the establishment of the Open Home Foundation was the well-being of the people building the future of the smart home. We will provide all the benefits required by the country you reside in. However, we also want to make sure all our employees, regardless of country of origin, get at least a minimal set of benefits, including: Five weeks (twenty-five days) of paid time off. Fourteen days of paid sick leave if your country/laws treat them as unpaid. Six weeks of paid and six weeks of unpaid parental leave to be used in the first year after birth. We will provide the missing days if your country/laws do not provide such compensation. A budget for your work hardware once you start. A 50% contribution to your internet connection fee at your home workspace. If you are currently working on Home Assistant-related side projects, you can spend work time maintaining them. About Us: The Open Home Foundation is a non-profit organization based in Switzerland, with the objective of fighting for the fundamental principles of privacy, choice, and sustainability for smart homes. It does this by supporting the development of open-source projects, and open connectivity and communication standards. A big part of this is Home Assistant, the biggest open-source project in number of contributors, but the Open Home Foundation also owns or collaborates with other projects important to promoting privacy, choice, and sustainability in the smart home, like: Open hardware tools (e.g., ESPHome, ESP Web Tools), Open standards (e.g., Python Matter Server, Z-Wave JS, ZigPy, BTHome, Improv Wi-Fi), Open voice (e.g., Rhasspy, Wyoming Protocol, Piper). The recruitment process: Apply for the role, Our HR team will review your application with the hiring manager, Interview with HR, Technical assessment, Interview with the team, Offer, Join our team!
5+ years preferred, or TexParameter with strong, demonstrated ownership in vulnerability management and CI/CD / supply-chain security. Demonstrated experience triaging and coordinating vulnerability reports (e.g., CVEs, responsible disclosure workflows) and driving remediation across multiple stakeholders. Strong understanding of software supply chain security (dependencies, build systems, artifacts, signing, provenance, CI/CD hardening). Experience securing CI/CD pipelines (e.g., GitHub Actions), including secrets management, permissions, token scopes, and isolation. Practical knowledge of secure software development practices and ability to perform risk assessments and security reviews. Ability to work independently, with strong problem-solving skills and attention to detail. Extensive proficiency with Git and GitHub workflows (pull requests, reviews, merging, etc.). Professional fluency in English, excellent written and verbal communication skills in English. European residency, you must be currently based in Europe and eligible to work within it.
Five weeks (twenty-five days) of paid time off. Fourteen days of paid sick leave if your country/laws treat them as unpaid. Six weeks of paid and six weeks of unpaid parental leave to be used in the first year after birth. We will provide the missing days if your country/laws do not provide such compensation. A budget for your work hardware once you start. A 50% contribution to your internet connection fee at your home workspace. If you are currently working on Home Assistant-related side projects, you can spend work time maintaining them.
The Open Home Foundation is a non-profit organization based in Switzerland, with the objective of fighting for the fundamental principles of privacy, choice, and sustainability for smart homes. It does this by supporting the development of open-source projects, and open connectivity and communication standards. A big part of this is Home Assistant, the biggest open-source project in number of contributors, but the Open Home Foundation also owns or collaborates with other projects important to promoting privacy, choice, and sustainability in the smart home, like: Open hardware tools (e.g., ESPHome, ESP Web Tools), Open standards (e.g., Python Matter Server, Z-Wave JS, ZigPy, BTHome, Improv Wi-Fi), Open voice (e.g., Rhasspy, Wyoming Protocol, Piper).
申请职位 -> 人力资源团队审核 -> 面试 -> 技术评估 -> 团队面试 -> 提供 offer -> 加入团队
注册并登录后即可查看
职责包括红队活动:执行Web和移动(iOS、Android、Windows和Mac)应用程序的渗透测试,负责漏洞管理生命周期从识别、修复到报告,主动监控和检测组织内的运营安全风险,对安全事件和技术工具进行技术调查,直接与用户在售前和支持期间沟通安全问题。
关于该职位 V-Thru正在寻找Senior SRE/DevOps工程师,以构建和扩展我们的基础设施和部署系统,随着我们的QCommerce平台的成长。该职位将拥有生产系统的可靠性、可观测性和自动化,与我们的工程团队紧密合作,加速交付,同时保持高可用性。
我们正在构建一个安全的企业 HashiCorp Boundary 平台,需要一名 Lead Platform/Infrastructure Engineer 来推动在 AWS 和 Azure 上的交付和云连接。您将制定可重用的平台标准...
加入我们的布加勒斯特开发中心,并成为我们开明、进步和专业的团队的一员。在这个角色中,您将为我们的世界知名客户工作。首席安全办公室(CSO)由首席信息安全办公室(CISO)和企业安全单元组成。CISO组织确保我们的客户信息的安全。