This website uses cookies to ensure you get the best experience.

The Linux Foundation and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, that is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor
Skip to main content
Large Projects Leads · Remote

OSS-SIRT Engineer (Contract)

OSS-SIRT Engineer (Contract)

Company Description

The Linux Foundation is a 501(c)(6) non-profit that provides a neutral, trusted hub for developers and organizations to code, manage, and scale open technology projects and ecosystems.

The Open Source Security Foundation (OpenSSF) is a cross-industry organization at the Linux Foundation that brings together the industry's most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

Role Summary

The OSS-SIRT Engineer supports the daily operation of the OSS-SIRT by handling vulnerability intake, validation, enrichment, and maintainer coordination. This is a growth role designed to build deep expertise in open source vulnerability management and ecosystem-scale security operations.

Key Responsibilities (Years 1–2)

  • Triage incoming vulnerability reports and submissions

  • Validate records for completeness, accuracy, and schema compliance

  • Assist with maintainer and researcher communications

  • Support CVE/ID requests and aliasing workflows

  • Help maintain dashboards, metrics, and reporting

  • Contribute to documentation, playbooks, and runbooks

Required Qualifications

  • 2–5 years in security engineering, application security, or open source development

  • Familiarity with vulnerability lifecycles and basic disclosure practices

  • Strong written communication skills

  • Interest in open source communities and collaboration

Preferred Experience

  • Exposure to CVE, OSV, or GitHub Advisories

  • Experience contributing to open source projects

  • Basic scripting or data analysis skills

Success Metrics (First 24 Months)

  • Accurate triage and handling of submissions with minimal rework

  • Growing autonomy in managing disclosures

  • Demonstrated progression toward senior-level responsibilities

Additional Information

Salary: $100,000 – $125,000 USD

The Linux Foundation is unable to provide visa sponsorship for this position. Candidates must be independently authorized to work in the country where they will be employed, without employer sponsorship, now or in the future.

All your information will be kept confidential according to EEO guidelines.

Department
Large Projects Leads
Role
OpenSSF
Locations
Remote

About The Linux Foundation

The Linux Foundation is a neutral, trusted hub for developers and organizations to code, manage, and scale open technology projects and ecosystems.

Founded in 2000
Coworkers About 375
Large Projects Leads · Remote

OSS-SIRT Engineer (Contract)

Loading application form

Already working at The Linux Foundation?

Let’s recruit together and find your next colleague.

Applicant tracking system by Teamtailor