This job has expired

This position was posted on March 30, 2026 and is likely no longer accepting applications.

Security Engineer

Job Overview

Location: Europe - Anywhere

Job Type: Full-time

Category: Security Engineer

Date Posted: March 30, 2026

Full Job Description

📋 Description

  • As a Security Engineer at the Open Home Foundation, you will play a critical role in safeguarding the integrity and trust of Home Assistant, one of the world’s largest open-source smart home platforms, by leading the identification, coordination, and remediation of security vulnerabilities across its ecosystem.
  • You will own the end-to-end lifecycle of security issue management—from triaging reports via GitHub Security Advisories and private disclosure channels to reproducing issues, driving fixes with maintainers, and ensuring responsible disclosure practices that protect both users and contributors.
  • Your day-to-day responsibilities will include tracking and meeting SLAs for vulnerability remediation, communicating status updates to reporters and internal stakeholders, and coordinating timely releases and backports when security patches are required.
  • You will harden CI/CD and release workflows by improving secrets management, artifact integrity, access controls, and pipeline security in GitHub Actions to mitigate supply chain risks and prevent unauthorized code injection.
  • You will strengthen supply chain defenses by enhancing dependency verification, artifact signing, provenance tracking, and monitoring—implementing SBOMs, SLSA frameworks, and tools like Sigstore/cosign to ensure only trusted code enters the ecosystem.
  • You will build preventive security practices by integrating SAST/DAST, dependency scanning, and static analysis into engineering workflows, enabling developers to catch vulnerabilities early and continuously improve the project’s security posture.
  • You will coordinate external security engagements such as third-party audits and penetration tests, ensuring findings are properly scoped, tracked, and remediated with clear accountability and follow-up.
  • You will create and maintain accessible, repeatable security documentation and runbooks—including incident response and disclosure procedures—designed to be community-friendly and usable by maintainers and contributors worldwide.
  • You will collaborate closely with the open-source community by guiding maintainers, reviewing security-relevant pull requests, and raising security awareness through education, mentorship, and proactive outreach.
  • You will work within a fully remote, values-driven organization that prioritizes privacy, choice, and sustainability in smart home technology, contributing to a mission that empowers users with control over their data and devices.
  • You will have the opportunity to grow your expertise in open-source security, supply chain risk management, and community-led vulnerability response while making a tangible impact on a platform used by millions of homes globally.

🎯 Requirements

  • 5+ years of experience in security engineering, or 3+ years with strong demonstrated ownership in vulnerability management, CI/CD security, or software supply chain security.
  • Proven experience triaging and coordinating vulnerability reports (including CVEs and responsible disclosure workflows) and driving remediation across multiple stakeholders and teams.
  • Strong understanding of software supply chain security, including dependencies, build systems, artifact signing, provenance, and CI/CD hardening techniques.
  • Hands-on experience securing CI/CD pipelines, particularly GitHub Actions, with expertise in secrets management, token scopes, permissions, and isolation strategies.
  • Practical knowledge of secure software development practices, including the ability to conduct risk assessments, security reviews, and implement preventive controls in development workflows.
  • Extensive proficiency with Git and GitHub workflows, including pull requests, code reviews, merging, and branch management.
  • Professional fluency in English with excellent written and verbal communication skills essential for coordinating with global contributors and stakeholders.
  • Must be currently residing in Europe and eligible to work within the region, as required by the Open Home Foundation’s Employer of Record structure.

🏖️ Benefits

  • Five weeks (twenty-five days) of paid time off annually, ensuring ample opportunity for rest and recharge.
  • Fourteen days of paid sick leave, provided if local laws do not already cover it as paid leave.
  • Six weeks of paid and six weeks of unpaid parental leave available in the first year after birth, with the Foundation covering any gaps in local statutory provisions.
  • A budget for work hardware upon onboarding to support a productive and comfortable home office setup.
  • A 50% contribution toward your home internet connection fee to ensure reliable connectivity for remote work.
  • Permission to allocate work time to maintain Home Assistant-related side projects, encouraging continued engagement with the open-source ecosystem.

Skills & Technologies

Python
JavaScript
GitHub
Git
Remote

About OpenHome Foundation

OpenHome Foundation is a non-profit organization that stewards the OpenHome open-source voice assistant and smart-home ecosystem. It provides reference hardware designs, software frameworks, privacy-respecting cloud services, and governance policies so that individuals and companies can build interoperable, local-first smart-home devices without vendor lock-in. The foundation hosts the codebase, coordinates contributions, certifies compatible products, and advocates for user privacy and open standards in connected homes.
