Company hidden
Updated 5 days ago

OSS-SIRT Director (Cybersecurity)

185 000 - 210 000$
Employment type
fulltime
Grade
director
English
c1
Vacancy from Hirify Global, a list of international tech companies

Job description

TL;DR

OSS-SIRT Director (Cybersecurity): Leading the establishment and operation of the OpenSSF's OSS-SIRT and OSS-VulnDB capabilities, with an emphasis on vulnerability coordination, policy stewardship, and incident-response governance. Focus on building neutral, high-quality vulnerability disclosure frameworks and managing complex multi-party security incidents across the open source ecosystem.

Company

The hirify.global is a non-profit organization providing a neutral hub for developers and organizations to manage and scale open technology projects and ecosystems.

What you will do

  • Own the OSS-VulnDB and OSS-SIRT roadmap, milestones, and delivery from MVP to steady state.
  • Establish and operate governance, policies, disclosure timelines, and escalation paths.
  • Serve as the primary liaison to CVE programs, CNAs, OSV operators, and public-sector stakeholders.
  • Lead incident coordination for complex, multi-party vulnerabilities affecting critical open source software.
  • Define and enforce data quality, curation, and dispute-resolution policies.
  • Oversee program KPIs, risk management, and budget execution.

Requirements

  • 10+ years of experience in security program management, PSIRT/SIRT leadership, or large-scale security operations.
  • Direct experience with coordinated vulnerability disclosure (CVD).
  • Familiarity with CVE, CNA operations, OSV, NVD, and vulnerability lifecycles.
  • Proven ability to operate in multi-stakeholder, neutral governance environments.
  • Strong policy, communication, and executive-level briefing skills.

Nice to have

  • Leadership experience within open source foundations or standards bodies.
  • Exposure to global regulatory frameworks such as CRA, NIS2, or SSDF.
  • Incident leadership experience for ecosystem-wide vulnerabilities.

Culture & Benefits

  • Opportunity to lead critical security initiatives for the global open source ecosystem.
  • Work within a neutral, cross-industry organization.
  • Travel requirement of up to 20%.
  • Competitive compensation package.
