The OpenJS Foundation is committed to supporting the healthy growth of the JavaScript ecosystem and web technologies by providing a neutral organization to host and sustain projects, as well as collaboratively fund activities for the benefit of the community at large. The OpenJS Foundation is made up of 41 open source JavaScript projects including Appium, Dojo, Jest, jQuery, Node.js, and webpack and is supported by 30 corporate and end-user members, including GoDaddy, Google, IBM, Joyent, Microsoft and Netflix. These members recognize the interconnected nature of the JavaScript ecosystem and the importance of providing a central home for projects which represent significant shared value.

OpenJS is seeking a Security Engineering Champion (contractor) who will build upon our Node.js and jQuery security working group initiatives to scale security best practices across the most critical projects in the OpenJS project portfolio.

In this role, you will have the opportunity to advance security skills and processes among the contributor and implementer communities to strengthen the JavaScript ecosystem broadly. You will do this with the support of OpenJS, a vendor-neutral organization. The contract term for this role is through 2023.

Key Responsibilities Include

• Collaborate with the OpenJS Foundation Cross Project Council and the lead maintainers of the foundation’s hosted projects to document and prioritize security strategies for our most critical projects
• Develop security roadmap and implementation plans for JavaScript, including customizing OpenSSF and OWASP best practices
• Provide direct support to maintainers of the OpenSSF best practices badge program
• Work closely with Linux Foundation Training staff and JavaScript industry experts to create JavaScript security training
• Provide support for secure releases and CVE management
• Improve and document security processes.

• 5+ years of hands-on experience with JavaScript security at scale
• Security engineering background or background in developing security engineering principles and practices
• Expertise in developing and implementing security improvement plans using industry-known frameworks. E.g, Financial or Governmental
• Demonstrated ability to manage secure releases at a global scale 
• Working knowledge of Product Security Incident Response Team (PSIRT) processes and programs
• Familiarity with cybersecurity standards, training, and certification
• Strong problem-solving skills: you aren’t afraid of ambiguity, a hard problem, or a sticky situation, and work productively to resolve issues
• Strong oral and written communication skills: you write down action items, follow up with meeting notes, and have a preference for documenting processes and goals
• Experience working with open source communities: you understand the open source ecosystem and the challenges and opportunities it faces

All your information will be kept confidential according to EEO guidelines.

The Linux Foundation is creating the greatest shared technology investment in history by enabling open source collaboration across companies, developers, and users. We are the organization of choice to build ecosystems that accelerate open technology development and commercial adoption.

The Linux Foundation is an Equal Opportunity Employer.