Security Engineering Champion, Open JS (Contractor)
San Francisco, CA, United States
Applications have closed
Linux Foundation
The OpenSSF is a cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both...
Company Description
The OpenJS Foundation is committed to supporting the healthy growth of the JavaScript ecosystem and web technologies by providing a neutral organization to host and sustain projects, as well as collaboratively fund activities for the benefit of the community at large. The OpenJS Foundation is made up of 41 open source JavaScript projects including Appium, Dojo, Jest, jQuery, Node.js, and webpack and is supported by 30 corporate and end-user members, including GoDaddy, Google, IBM, Joyent, Microsoft and Netflix. These members recognize the interconnected nature of the JavaScript ecosystem and the importance of providing a central home for projects which represent significant shared value.
Job Description
OpenJS is seeking a Security Engineering Champion (contractor) who will build upon our Node.js and jQuery security working group initiatives to scale security best practices across the most critical projects in the OpenJS project portfolio.
In this role, you will have the opportunity to advance security skills and processes among the contributor and implementer communities to strengthen the JavaScript ecosystem broadly. You will do this with the support of OpenJS, a vendor-neutral organization. The contract term for this role is through 2023.
Key Responsibilities Include
- Collaborate with the OpenJS Foundation Cross Project Council and the lead maintainers of the foundation’s hosted projects to document and prioritize security strategies for our most critical projects
- Develop a security roadmap and implementation plans for JavaScript, including customizing OpenSSF and OWASP best practices
- Provide direct support to maintainers of the OpenSSF best practices badge program
- Work closely with Linux Foundation Training staff and JavaScript industry experts to create JavaScript security training
- Provide support for secure releases and CVE management
- Improve and document security processes
Qualifications
- 5+ years of hands-on experience with JavaScript security at scale
- Security engineering background or background in developing security engineering principles and practices
- Expertise in developing and implementing security improvement plans using industry-known frameworks, e.g., financial or governmental
- Demonstrated ability to manage secure releases at a global scale
- Working knowledge of Product Security Incident Response Team (PSIRT) processes and programs
- Familiarity with cybersecurity standards, training, and certification
- Strong problem-solving skills: you aren’t afraid of ambiguity, a hard problem, or a sticky situation, and work productively to resolve issues
- Strong oral and written communication skills: you write down action items, follow up with meeting notes, and have a preference for documenting processes and goals
- Experience working with open source communities: you understand the open source ecosystem and the challenges and opportunities it faces
Additional Information
All your information will be kept confidential according to EEO guidelines.
The Linux Foundation is creating the greatest shared technology investment in history by enabling open source collaboration across companies, developers, and users. We are the organization of choice to build ecosystems that accelerate open technology development and commercial adoption.
The Linux Foundation is an Equal Opportunity Employer.
Tags: Incident response JavaScript Linux Node.js Open Source OWASP Product security PSIRT