This website uses cookies to ensure you get the best experience.

The Linux Foundation and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, that is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor
Skip to main content
Large Projects Leads · Remote · Fully Remote

OSS-SIRT Director

OSS-SIRT Director

Company Description

The Linux Foundation is a 501(c)(6) non-profit that provides a neutral, trusted hub for developers and organizations to code, manage, and scale open technology projects and ecosystems.

The Open Source Security Foundation (OpenSSF) is a cross-industry organization at the Linux Foundation that brings together the industry's most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

Job Description

The OSS-SIRT Director is the senior program leader responsible for standing up, governing, and operating the OpenSSF's OSS-SIRT and OSS-VulnDB capability. This role combines program leadership, policy stewardship, ecosystem coordination, and incident-response governance, serving as the public and internal face of the program.

The Director ensures the program delivers trusted, neutral, high-quality vulnerability coordination aligned with OSV, CVE/CNA practices, CRA expectations, and OpenSSF's upstream-first principles.

Responsibilities

  • Own the OSS-VulnDB + OSS-SIRT roadmap, milestones, and delivery across transitions from MVP to public beta to steady state

  • Establish and operate OSS-SIRT governance, policies, disclosure timelines, and escalation paths

  • Serve as primary liaison to:

    • CVE Program / CNAs

    • OSV and federated VulnDB operators

    • Regulators and public-sector stakeholders (e.g., CRA-aligned reporting pathways)

  • Define and enforce data quality, curation, and dispute-resolution policies

  • Lead incident coordination for complex, multi-party vulnerabilities affecting critical OSS

  • Oversee program KPIs, risk management, reporting, and budget execution

  • Partner with OpenSSF working groups on standards alignment (OSV, VEX, SBOM, CWE)

  • Support funding sustainability efforts (founding partners, grants, member engagement)

Travel: Up to 20%

Qualifications

Prerequisites

  • 10+ years in security program management, PSIRT/SIRT leadership, or large-scale security operations

  • Direct experience with coordinated vulnerability disclosure (CVD)

  • Familiarity with CVE, CNA operations, OSV, NVD, and vulnerability lifecycles

  • Proven ability to operate in multi-stakeholder, neutral governance environments

  • Strong policy, communication, and executive-level briefing skills

Desirable Skills and Background

  • Open source foundation or standards-body leadership

  • Exposure to global regulatory frameworks (CRA, NIS2, SSDF, etc.)

  • Incident leadership for ecosystem-wide vulnerabilities (e.g., Log4Shell-class events)

Success Metrics (First 24 Months)

  • OSS-SIRT operational within 90 days

  • MVP VulnDB + workflows live within 6 months

  • Measurable reduction in time-to-publication and data-quality gaps

  • Successful onboarding of initial ecosystems and partners

Additional Information

Salary: $185,000 – $210,000 USD

All your information will be kept confidential according to EEO guidelines.

Department
Large Projects Leads
Role
OSSF
Locations
Remote
Remote status
Fully Remote

About The Linux Foundation

The Linux Foundation is a neutral, trusted hub for developers and organizations to code, manage, and scale open technology projects and ecosystems.

Founded in 2000
Coworkers About 375
Large Projects Leads · Remote · Fully Remote

OSS-SIRT Director

Loading application form

Already working at The Linux Foundation?

Let’s recruit together and find your next colleague.

Applicant tracking system by Teamtailor