Software/Security Engineer, Project Alpha-Omega
- Full-time
Company Description
The Linux Foundation is the organization of choice for the world's top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history.
Today, the Linux Foundation has over 2,000 corporate members from over 41 countries, including every single one the Fortune 100. The Linux Foundation has proudly created over $54B in shared technology value since inception.
Job Description
The mission of the Alpha-Omega project is to protect society by improving the security of open source software through direct maintainer engagement and expert analysis. An important part of this project involves building and continually improving a toolchain to identify critical vulnerabilities with very little noise. The output will be triaged by a team of security experts and then reported to the project maintainers, often with a suggested fix.
We are seeking a highly-skilled software engineer with deep security experience to help us build the technology that will make this possible.
Salary Range: $250k-$350k
Job Role And Responsibilities
In this role, you’ll work with the Alpha-Omega leadership team, security researchers, and the larger OpenSSF community to build, refine, and invent technology that will efficiently identify critical security vulnerabilities in open source projects. You’ll do this by creating tools, adding new rules to existing tools, and inventing new ways to reduce or eliminate false positives.
Key responsibilities include:
Building, maintaining, refining, extending, and integrating security tools into the analysis suite. These tools will include static analyzers (for source code and binaries), dynamic analyzers (e.g. fuzzers, memory instrumentation), and other security tools.
Gathering and analyzing metrics to understand how well the toolchain works, and then improving it, either directly or by working with the maintainers of those tools to improve them.
Qualifications
Required Skills
15+ years of software engineering experience, including expertise with modern infrastructure (containers, cloud infrastructure, serverless architectures), multiple programming languages (C/C++, JavaScript, Java, and Python), and both Linux and Windows operating systems.
10+ years of software security experience, including a deep understanding of how vulnerabilities manifest themselves in source code and how they can be remediated.
A strong understanding of how software analysis and testing tools (SAST/DAST, fuzzing) work.
A strong understanding of the open source ecosystem and the current and emerging threats to that ecosystem.
The ability to respond and adapt to an interrupt-driven environment while maintaining focus on long term objectives.
Demonstrated ability to understand, operate, and communicate in a complex, multi-stakeholder environment.
Preferred Skills
An advanced degree in computer science or a related field, or equivalent work experience.
Strong experience designing or implementing software analysis tools (static analysis, dynamic analysis, fuzzing).
Experience working with open source communities.
Additional Information
All your information will be kept confidential according to EEO guidelines.
The Linux Foundation is creating the greatest shared technology investment in history by enabling open source collaboration across companies, developers, and users. We are the organization of choice to build ecosystems that accelerate open technology development and commercial adoption.
The Linux Foundation is an all-remote workforce that hires world-class talent. We are as passionate about providing a flexible and supportive work culture as we are about open-source software. Collaboration is in our DNA, and we pride ourselves on being able to work closely together while not being tied to an office. We offer exceptional benefits - e.g., top of the line healthcare plans, unlimited PTO, and 100% 401k match up to the IRS-defined limit per year.
The Linux Foundation is an Equal Opportunity Employer.