TL;DR
Security Engineer (IoT): Own security issue intake, coordination, and timely remediation, and strengthen CI/CD and supply chain defenses for the Home Assistant ecosystem, with an emphasis on vulnerability management and proactive risk reduction. The focus is on improving build pipeline security, secrets management, and integrating security testing into engineering workflows.
Location: Remote (Europe). Must be currently based in Europe and eligible to work within it.
Salary: €58,000–€78,000 (Europe) or £71,000 (UK) per year.
Company
hirify.global is a Switzerland-based non-profit organization fighting for privacy, choice, and sustainability in smart homes by supporting open-source projects such as Home Assistant.
What you will do
- Own security issue intake and coordination, including triage, reproduction, fix coordination, and responsible disclosure.
- Drive timely remediation of security issues by tracking SLAs and coordinating releases.
- Harden CI/CD and release workflows, improving build pipeline security, secrets management, and access controls.
- Strengthen supply chain defenses through dependency and artifact verification, provenance, and monitoring.
- Build preventive security practices by continuously improving security testing and scanning in engineering workflows.
- Coordinate external security work like audits and pentests, ensuring findings are remediated effectively.
Requirements
- 5+ years of experience, or 3+ years with strong, demonstrated ownership in vulnerability management and CI/CD and supply-chain security.
- Demonstrated experience triaging and coordinating vulnerability reports and driving remediation across multiple stakeholders.
- Strong understanding of software supply chain security and experience securing CI/CD pipelines.
- Practical knowledge of secure software development practices and ability to perform risk assessments and security reviews.
- Ability to work independently with strong problem-solving skills and attention to detail.
- Extensive proficiency with Git and GitHub workflows.
- Professional fluency in English, with excellent written and verbal communication skills.
- European residency; must be currently based in Europe and eligible to work within it.
Nice to have
- Experience with Python ecosystems and packaging, dependency management, and common security tooling.
- Familiarity with SBOMs, SLSA, signing and attestations (e.g., Sigstore/cosign), and reproducible builds.
- Experience with incident response and post-incident reviews.
- Prior contributions to Home Assistant or other open-source projects.
- Experience working with IoT / smart home software and threat models.
Culture & Benefits
- Fully remote organization with a flexible schedule and no fixed working hours.
- You will be a normal salaried employee in your country via an Employer of Record.
- Five weeks (twenty-five days) of paid time off.
- Fourteen days of paid sick leave.
- Six weeks of paid and six weeks of unpaid parental leave.
- Budget for your work hardware and 50% contribution to your internet connection fee.
- Opportunity to spend work time maintaining Home Assistant-related side projects.
Hiring process
- Application, followed by review by HR and the hiring manager.
- Interview with HR.
- Technical assessment.
- Interview with the team.
- Offer.