🛠 Tech Stack

💼 About This Role

You'll own the intake and coordination of security issues for Home Assistant, strengthening CI/CD, release security, and supply chain defenses. You'll work closely with engineering and the open-source community to reduce risk through audits, testing, and preventive practices. This role offers a chance to shape security for a leading open-source smart home platform.

🎯 What You'll Do

• Triage and coordinate vulnerability reports via established channels.
• Harden CI/CD workflows and improve secrets management.
• Strengthen supply chain defenses with verification and signing.
• Create and maintain security processes and runbooks.

📋 Requirements

• 5+ years preferred or 3+ years with strong vulnerability management and CI/CD security.
• Experience triaging and coordinating vulnerability reports (CVEs, responsible disclosure).
• Strong understanding of software supply chain security (dependencies, build systems, signing).
• Experience securing CI/CD pipelines (e.g., GitHub Actions) including secrets management.

✨ Nice to Have

• Experience with Python ecosystems (pip, PyPI) and security tooling.
• Familiarity with SBOMs, SLSA, Sigstore/cosign, and reproducible builds.
• Prior contributions to Home Assistant or other open-source projects.

🎁 Benefits & Perks

• 🏖️ Five weeks (25 days) paid time off plus public holidays by country.
• 🏥 Fourteen days paid sick leave (if country doesn't require paid).
• 👶 Six weeks paid and six weeks unpaid parental leave in first year after birth.
• 💻 Hardware budget and 50% internet contribution for home workspace.
• 🌍 Fully remote with flexible schedule and 3-hour overlap requirement.

📨 Hiring Process

Estimated timeline: 2-4 weeks · AI estimate

1. 1Recruiter Call· 30 min
2. 2Technical Interview· 60 min
3. 3Team Interview· 60 min
4. 4Final Interview with Lead· 45 min