Open Source Supply Chain Security Software Engineer

  • The Eclipse Foundation
  • Remote
  • 06 Feb, 2024
Full time, Remote, Security, Software Engineering, State of Open Con 24

Job Description

Summary

Join the Eclipse Foundation, a leading open source software foundation with over 16 years of innovation, hosting over 420 collaborative projects and 20 Working Groups. Based in Belgium with a global reach, we are committed to enabling developer-focused innovation and promoting security in open source software.

The Role

As a Software Engineer in our Security Team, you'll play a pivotal role in securing the software supply chain for Eclipse Projects. Reporting to the Head of Security, you'll collaborate closely with project teams, enhancing CI/CD pipelines, developing tools for vulnerability detection, and maintaining up-to-date dependencies. Proficiency in Java, Python, Go, or Rust is required, with a willingness to learn additional languages.

Responsibilities

  • Collaborate with open source projects to enhance their software supply chain security.
  • Develop tools for hardening software supply chains.
  • Automate management and compliance assessment on GitHub and GitLab.
  • Create and maintain a Jenkins plugin for provenance attestation.
  • Track project progress using a public dashboard.
  • Foster relationships within the open source security community.
  • Produce technical content (videos, articles, tutorials) to guide Eclipse Projects in security best practices.
  • Communicate developments and improvements publicly.

Qualifications

Required

  • 5+ years of software engineering experience.
  • Proficiency in one or more of: Java, Python, JavaScript, Go, or Rust.
  • Expertise in CI/CD practices (containers, GitHub Actions, GitLab CI/CD, Jenkins).
  • Strong communication skills and ability to produce high-quality written materials.
  • Fluent in English, with experience in an English-speaking business environment.

Preferred

  • Open source project involvement.
  • Knowledge of SLSA, SSDF, or similar secure software development practices.
  • Experience in remote-first work environments.

Education

  • Bachelor’s or Master’s in Computer Science, Software Engineering, or equivalent.

Location of Position

  • Remote, open to candidates in Europe, Canada, or the US.

Eclipse Foundation Offers

We offer highly competitive compensation along with a comprehensive benefits package. We thank all applicants for their interest; however, only those to be interviewed will be contacted. For more information about the Eclipse Foundation, please visit our website at https://eclipse.org/.

Eclipse respects the dignity and independence of people with disabilities, and is committed to providing accommodation and support to persons with disabilities throughout any recruitment process, once made aware of a need for accommodation. If you require any special accommodation or support during the recruitment process, please indicate this in your email to us.