ARCHIVED
This job listing has been archived and is no longer accepting applications.
MisuJob - AI Job Search Platform MisuJob
Login Sign Up

Security Engineer

Openhomefoundation

Europe - Anywhere Remote permanent

Posted: March 4, 2026

Interested in this position?

Create a free account to apply with AI-powered matching

Register to Apply

Quick Summary

Work as a Security Engineer to improve Home Assistant's security posture across code, build pipelines, dependencies, and releases.

Required Skills

Security Vulnerability Management Supply Chain Security Supply Chain Solutions Risk Assessment Secure Development Practices Incident Response Documentation Community Collaboration

Job Description

We are looking for

The Open Home Foundation is looking for a Security Engineer to join our Home Assistant team. This role focuses on keeping Home Assistant and its ecosystem secure by owning the intake and coordination of reported security issues, strengthening our CI/CD and release security, and proactively reducing risk through audits, testing, and security improvements.

You will work closely with engineering, and the broader open-source community to improve our security posture across code, build pipelines, dependencies, and releases.

What you are going to do

• Own security issue intake and coordination by triaging reports submitted via our established channels (including private reports through GitHub Security Advisories and our security contact process), reproducing issues where needed, coordinating fixes with maintainers, and ensuring responsible disclosure practices.

• Drive timely remediation by tracking SLAs, communicating status with reporters and internal stakeholders, and coordinating releases and backports when required.

• Harden our CI/CD and release workflows by improving build pipeline security, secrets management, artifact integrity, and access controls; and by reducing exposure to supply chain attacks.

• Strengthen supply chain defenses by improving dependency and artifact verification, provenance, signing, and monitoring; and by hardening the paths through which third-party code and integrations enter the ecosystem.

• Build preventive security practices by introducing and continuously improving security testing and scanning in our engineering workflows; including SAST/DAST where appropriate, dependency and artifact scanning, and CI/workflow static analysis.

• Coordinate external security work by scoping and managing third-party audits, pentests, and targeted reviews; and by ensuring findings are remediated effectively.

• Create and maintain security processes and documentation that are clear, repeatable, and community-friendly, including runbooks for incident response and disclosure.

• Collaborate with the community by supporting maintainers and contributors with guidance, reviewing security-relevant pull requests, and helping raise security awareness across the project.

What you need to have

• 5+ years preferred, or 3+ years with strong, demonstrated ownership in vulnerability management and CI/CD / supply-chain security.

• Demonstrated experience triaging and coordinating vulnerability reports (e.g., CVEs, responsible disclosure workflows) and driving remediation across multiple stakeholders.

• Strong understanding of software supply chain security (dependencies, build systems, artifacts, signing, provenance, CI/CD hardening).

• Experience securing CI/CD pipelines (e.g., GitHub Actions), including secrets management, permissions, token scopes, and isolation.

• Practical knowledge of secure software development practices and ability to perform risk assessments and security reviews.

• Ability to work independently, with strong problem-solving skills and attention to detail.

• Extensive proficiency with Git and GitHub workflows (pull requests, reviews, merging, etc.).

• Professional fluency in English, excellent written and verbal communication skills in English.

• European residency, you must be currently based in Europe and eligible to work within it.

It would be great if you also have

• Experience with Python ecosystems and packaging (pip, PyPI), dependency management, and common security tooling.

• Familiarity with SBOMs, SLSA, signing and attestations (e.g., Sigstore/cosign), and reproducible builds.

• Experience with incident response and post-incident reviews.

• Prior contributions to Home Assistant or other open-source projects.

• Experience working with IoT / smart home software and threat models.

• Experience improving security testing and integrating checks into developer workflows.

• Affinity for the open-source philosophy and community-driven development.

• A passionate Home Assistant user, or a strong interest in smart home technology and automation.

What we offer you

The Open Home Foundation is a fully remote organization that uses an Employer of Record to employ people from all over the world. You will be a normal salaried employee in your country.

This is a full-time position for 40 hours per week. Because we are a fully remote company, there is no fixed schedule. For the purpose of team communication, we do try to ensure at least 3 hours of overlap in the workday. You will report to the Home Assistant Lead, who is based in the Netherlands.

Core to the establishment of the Open Home Foundation was the well-being of the people building the future of the smart home. We will provide all the benefits required by the country you reside in. However, we also want to make sure all our employees, regardless of country of origin, get at least a minimal set of benefits, including:

• Five weeks (twenty-five days) of paid time off.

• Fourteen days of paid sick leave if your country/laws treat them as unpaid.

• Six weeks of paid and six weeks of unpaid parental leave to be used in the first year after birth. We will provide the missing days if your country/laws do not provide such compensation.

• A budget for your work hardware once you start.

• A 50% contribution to your internet connection fee at your home workspace.

• If you are currently working on Home Assistant-related side projects, you can spend work time maintaining them.

When first offering a position to a new member, the Open Home Foundation aims to provide a total compensation package that matches the 75th percentile for the new hire's role, seniority, and local market rates. For a Security Engineer in our primary operating countries, the approximate yearly compensation will be the following:

• Netherlands: 78.000 EUR

• UK: 71.000 GBP

• Spain / Portugal: 58.000 EUR

• Italy: 64.000 EUR

• Other countries: compensation can be discussed during the first interview.

These figures may be adjusted based on experience, qualifications, and work hours.

About us

The Open Home Foundation is a non-profit organization based in Switzerland, with the objective of fighting for the fundamental principles of privacy, choice, and sustainability for smart homes. It does this by supporting the development of open-source projects, and open connectivity and communication standards.

A big part of this is Home Assistant, the biggest open-source project in number of contributors, but the Open Home Foundation also owns or collaborates with other projects important to promoting privacy, choice, and sustainability in the smart home, like:

• Open hardware tools (e.g., ESPHome, ESP Web Tools)

• Open standards (e.g., Python Matter Server, Z-Wave JS, ZigPy, BTHome, Improv Wi-Fi)

• Open voice (e.g., Rhasspy, Wyoming Protocol, Piper)

The recruitment process

• Apply for the role

• Our HR team will review your application with the hiring manager

• Interview with HR

• Technical assessment

• Interview with the team

• Offer

• Join our team!

Why Apply Through MisuJob?

AI-Powered Job Matching: MisuJob uses advanced artificial intelligence to analyze your skills, experience, and career goals. Our matching algorithm compares your profile against thousands of job requirements to find positions where you have the highest chance of success. This saves you hours of manual job searching and ensures you only see relevant opportunities.

One-Click Applications: Once you create your profile, applying to jobs is effortless. Your resume and cover letter are automatically tailored to highlight the most relevant experience for each position. You can apply to multiple jobs in minutes, not hours.

Career Intelligence: Beyond job matching, MisuJob provides valuable career insights. See how your skills compare to market demands, identify skill gaps to address, and understand salary benchmarks for your experience level. Make data-driven decisions about your career path.

Frequently Asked Questions

How do I apply for this position?

Click the "Register to Apply" button above to create a free MisuJob account. Once registered, you can apply with one click and track your application status in your dashboard.

Is MisuJob free for job seekers?

Yes, MisuJob is completely free for job seekers. Create your profile, get matched with jobs, and apply without any cost. We help you find your dream job without any hidden fees.

How does AI matching work?

Our AI analyzes your resume, skills, and experience to understand your professional profile. It then compares this against job requirements using natural language processing to calculate a match percentage. Higher matches mean better fit for the role.

Can I apply to jobs in other countries?

Absolutely. MisuJob features jobs from companies worldwide, including remote positions. Filter by location or look for remote opportunities to find jobs that match your preferences.

Ready to Apply?

Join thousands of job seekers using MisuJob's AI to find and apply to their dream jobs automatically.

Create Free Account Sign In
← Browse all jobs
Register to Apply