Salary
58 000 € – 78 000 €
Remote · Full-time

Security Engineer

AI assessment

An excellent vacancy for open-source enthusiasts, with a transparent pay system and a strong social mission. Fully remote, flexible hours, and work on a product used by millions.


Vacancy from Quick Offer Global, a list of international companies

Job difficulty

AI assessment

The role requires deep knowledge in specific areas: supply chain security and CI/CD. The candidate must be able to work with the open-source community and independently manage the vulnerability remediation process.

Salary analysis

Median: 70 000 €
Market: 60 000 € – 90 000 €
AI assessment

The offered salary (for example, 78 000 EUR in the Netherlands) corresponds to the 75th percentile of the market for non-profit organizations and mid-sized businesses, providing a competitive income with a high level of work-life balance. It is slightly below the top big-tech companies but above the European average for mid-level roles.

Cover letter

I am writing to express my strong interest in the Security Engineer position at the Open Home Foundation. As a long-time advocate for open-source software and a frequent user of Home Assistant, I am deeply aligned with the foundation's mission of privacy, choice, and sustainability. My background in vulnerability management and securing CI/CD pipelines directly matches the core responsibilities of this role.

In my previous experience, I have successfully managed vulnerability disclosure programs and hardened GitHub Actions workflows to prevent supply chain attacks. I am particularly excited about the opportunity to apply my skills in Python and artifact verification (SLSA/Sigstore) to strengthen the Home Assistant ecosystem. I am confident that my proactive approach to security audits and my ability to collaborate with a global community of contributors will help maintain the high security standards of the project.


Job description

We are looking for

The Open Home Foundation is looking for a Security Engineer to join our Home Assistant team. This role focuses on keeping Home Assistant and its ecosystem secure by owning the intake and coordination of reported security issues, strengthening our CI/CD and release security, and proactively reducing risk through audits, testing, and security improvements.

You will work closely with engineering and the broader open-source community to improve our security posture across code, build pipelines, dependencies, and releases.

What you are going to do

  • Own security issue intake and coordination by triaging reports submitted via our established channels (including private reports through GitHub Security Advisories and our security contact process), reproducing issues where needed, coordinating fixes with maintainers, and ensuring responsible disclosure practices.
  • Drive timely remediation by tracking SLAs, communicating status with reporters and internal stakeholders, and coordinating releases and backports when required.
  • Harden our CI/CD and release workflows by improving build pipeline security, secrets management, artifact integrity, and access controls; and by reducing exposure to supply chain attacks.
  • Strengthen supply chain defenses by improving dependency and artifact verification, provenance, signing, and monitoring; and by hardening the paths through which third-party code and integrations enter the ecosystem.
  • Build preventive security practices by introducing and continuously improving security testing and scanning in our engineering workflows; including SAST/DAST where appropriate, dependency and artifact scanning, and CI/workflow static analysis.
  • Coordinate external security work by scoping and managing third-party audits, pentests, and targeted reviews; and by ensuring findings are remediated effectively.
  • Create and maintain security processes and documentation that are clear, repeatable, and community-friendly, including runbooks for incident response and disclosure.
  • Collaborate with the community by supporting maintainers and contributors with guidance, reviewing security-relevant pull requests, and helping raise security awareness across the project.

What you need to have

  • 5+ years preferred, or 3+ years with strong, demonstrated ownership in vulnerability management and CI/CD / supply-chain security.
  • Demonstrated experience triaging and coordinating vulnerability reports (e.g., CVEs, responsible disclosure workflows) and driving remediation across multiple stakeholders.
  • Strong understanding of software supply chain security (dependencies, build systems, artifacts, signing, provenance, CI/CD hardening).
  • Experience securing CI/CD pipelines (e.g., GitHub Actions), including secrets management, permissions, token scopes, and isolation.
  • Practical knowledge of secure software development practices and ability to perform risk assessments and security reviews.
  • Ability to work independently, with strong problem-solving skills and attention to detail.
  • Extensive proficiency with Git and GitHub workflows (pull requests, reviews, merging, etc.).
  • Professional fluency in English, with excellent written and verbal communication skills.
  • European residency: you must currently be based in Europe and eligible to work within it.

It would be great if you also have

  • Experience with Python ecosystems and packaging (pip, PyPI), dependency management, and common security tooling.
  • Familiarity with SBOMs, SLSA, signing and attestations (e.g., Sigstore/cosign), and reproducible builds.
  • Experience with incident response and post-incident reviews.
  • Prior contributions to Home Assistant or other open-source projects.
  • Experience working with IoT / smart home software and threat models.
  • Experience improving security testing and integrating checks into developer workflows.
  • Affinity for the open-source philosophy and community-driven development.
  • A passionate Home Assistant user, or a strong interest in smart home technology and automation.

What we offer you

The Open Home Foundation is a fully remote organization that uses an Employer of Record to employ people from all over the world. You will be a normal salaried employee in your country.

This is a full-time position for 40 hours per week. Because we are a fully remote company, there is no fixed schedule. For the purpose of team communication, we do try to ensure at least 3 hours of overlap in the workday. You will report to the Home Assistant Lead, who is based in the Netherlands.

Core to the establishment of the Open Home Foundation was the well-being of the people building the future of the smart home. We will provide all the benefits required by the country you reside in. However, we also want to make sure all our employees, regardless of country of origin, get at least a minimal set of benefits, including:

  • Five weeks (twenty-five days) of paid time off.
  • Fourteen days of paid sick leave if your country/laws treat them as unpaid.
  • Six weeks of paid and six weeks of unpaid parental leave to be used in the first year after birth. We will provide the missing days if your country/laws do not provide such compensation.
  • A budget for your work hardware once you start.
  • A 50% contribution to your internet connection fee at your home workspace.
  • If you are currently working on Home Assistant-related side projects, you can spend work time maintaining them.

When first offering a position to a new member, the Open Home Foundation aims to provide a total compensation package that matches the 75th percentile for the new hire's role, seniority, and local market rates. For a Security Engineer in our primary operating countries, the approximate yearly compensation will be the following:

  • Netherlands: 78.000 EUR
  • UK: 71.000 GBP
  • Spain / Portugal: 58.000 EUR
  • Italy: 64.000 EUR
  • Other countries: compensation can be discussed during the first interview.

These figures may be adjusted based on experience, qualifications, and work hours.

About us

The Open Home Foundation is a non-profit organization based in Switzerland, with the objective of fighting for the fundamental principles of privacy, choice, and sustainability for smart homes. It does this by supporting the development of open-source projects, and open connectivity and communication standards.

A big part of this is Home Assistant, the biggest open-source project in number of contributors, but the Open Home Foundation also owns or collaborates with other projects important to promoting privacy, choice, and sustainability in the smart home, like:

The recruitment process

  1. Apply for the role
  2. Our HR team will review your application with the hiring manager
  3. Interview with HR
  4. Technical assessment
  5. Interview with the team
  6. Offer
  7. Join our team!

Skills

  • Git
  • Python
  • GitHub Actions
  • CI/CD
  • Vulnerability Management
  • SAST
  • DAST
  • Supply Chain Security
  • SBOM
  • Sigstore
  • IoT Security

Possible interview questions

Testing experience with public vulnerability reports and coordinating fixes.

Describe your triage process for a vulnerability received through GitHub Security Advisories: from reproduction to publishing the fix.

Assessing skills in securing software build and release processes.

What specific measures would you take to protect GitHub Actions against attacks via third-party dependencies or compromised tokens?

Testing understanding of modern artifact security standards.

How would you introduce SLSA principles and the use of Sigstore/cosign into the existing Home Assistant pipeline?

Assessing the ability to work in the specific smart home environment.

What unique security threats do you see in the IoT ecosystem compared with traditional web applications?

Testing community collaboration skills.

How would you persuade the maintainers of an open-source project to adopt strict security checks if they slow down development?
