Security Researcher/Analyst, Project Alpha-Omega
- Full-time
Company Description
The Linux Foundation is the organization of choice for the world's top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history.
Today, the Linux Foundation has over 2,000 corporate members from over 41 countries, including every single one of the Fortune 100. The Linux Foundation has proudly created over $54B in shared technology value since inception.
Job Description
The mission of the Alpha-Omega project is to protect society by improving the security of open source software through direct maintainer engagement and expert analysis. An important part of this project involves building and continually improving a toolchain to identify critical vulnerabilities with very little noise. The output will be triaged by a team of security experts and then reported to the project maintainers, often with a suggested fix.
We are seeking a highly-skilled security researcher to help us identify and validate critical security vulnerabilities in open source projects.
Salary Range: $250k-$350k
Job Role And Responsibilities
In this role, you’ll work with the Alpha-Omega leadership team, security engineers, and the larger OpenSSF community to find new, critical security vulnerabilities across a wide array of open source projects. You’ll have access to a suite of analysis tools, dedicated engineering support, and cloud-scale infrastructure to help you succeed. When you’re confident a vulnerability is real, you’ll help get it fixed with a clear writeup, sometimes with a suggested fix.
Key responsibilities include:
- Providing feedback to and working with our engineering team to reduce or eliminate false positives and to reliably detect additional critical vulnerabilities.
- Researching additional analysis techniques and working with engineering staff to validate and build those techniques back into the toolchain.
- Reporting and engaging with open source project maintainers when vulnerabilities are found.
Qualifications
Required Skills
- 12+ years of software security experience, including an exceptional understanding of how vulnerabilities manifest themselves in source code, how they can be fixed, and the tradeoffs and limitations of those fixes.
- Experience across a wide variety of programming languages (including C/C++, JavaScript, C#/Java, Python), platforms (Windows, Linux), and a demonstrated ability to learn new technologies quickly and independently.
- Direct experience finding new vulnerabilities in software.
- A strong understanding of how modern software analysis and testing tools (SAST/DAST, fuzzing) work and how they can be used effectively.
- A strong understanding of the open source ecosystem and the current and emerging threats to that ecosystem.
- Demonstrated ability to understand, operate, and clearly communicate in a complex, multi-stakeholder environment.
Preferred Skills
- An advanced degree in computer science or a related field, or equivalent work experience.
- Direct experience finding new vulnerabilities in open source software.
- Experience working with open source communities.
Additional Information
All your information will be kept confidential according to EEO guidelines.
The Linux Foundation is creating the greatest shared technology investment in history by enabling open source collaboration across companies, developers, and users. We are the organization of choice to build ecosystems that accelerate open technology development and commercial adoption.
The Linux Foundation is an all-remote workforce that hires world-class talent. We are as passionate about providing a flexible and supportive work culture as we are about open source software. Collaboration is in our DNA, and we pride ourselves on being able to work closely together while not being tied to an office. We offer exceptional benefits, e.g., top-of-the-line healthcare plans, unlimited PTO, and 100% 401k match up to the IRS-defined limit per year.
The Linux Foundation is an Equal Opportunity Employer.