Company hidden
1 hour ago

Senior OSS-SIRT Engineer / Technical Lead (Cybersecurity)

140 000 - 160 000$
Work format
hybrid
Employment type
fulltime
Grade
senior/lead
English
b2
Country
US
Vacancy from Hirify Global, a list of international tech companies

Job description

TL;DR

Senior OSS-SIRT Engineer / Technical Lead (Cybersecurity): Leading vulnerability triage and automation for open source security ecosystems, with an emphasis on OSV-based workflows and software supply chain security. Focus on designing curation pipelines, developing automation tooling, and mentoring engineers to ensure vulnerability data is actionable.

Location: Hybrid (Must be based in the USA)

Salary: $140,000 – $160,000 USD

Company

The hirify.global is a non-profit that provides a neutral, trusted hub for developers and organizations to code and scale open technology projects.

What you will do

  • Lead vulnerability triage and validation using OSV-based workflows.
  • Design and improve ingestion, linting, and curation pipelines.
  • Develop and maintain automation tooling including APIs, CLIs, and GitHub Actions.
  • Coordinate with maintainers, researchers, and CNAs on complex disclosures.
  • Ensure alignment with OSV Schema, CWE, CVSS/EPSS, VEX, and SBOM formats.
  • Provide technical guidance and mentorship to junior OSS-SIRT engineers.

Requirements

  • 8+ years of experience in security engineering, PSIRT, or vulnerability research.
  • Hands-on experience with open source vulnerability disclosure and triage.
  • Strong understanding of software supply chain security.
  • Proficiency in scripting or programming languages such as Python or Go.
  • Must be authorized to work in your country of residence without employer sponsorship.

Nice to have

  • Experience with OSV, GitHub Security Advisories, or CNA participation.
  • Familiarity with SBOM tooling (SPDX, CycloneDX).
  • Experience in automation-first security tooling development.

Culture & Benefits

  • Opportunity to work at the heart of open source security via the OpenSSF.
  • Collaborative environment engaging with global maintainers and security researchers.
  • Commitment to neutrality and transparency in scaling open technology.
  • Adherence to EEO guidelines ensuring confidentiality and fairness.

Be careful: if an employer asks you to log in to their system using iCloud/Google, to send a code or password, or to run code or software, do not do it; these are scammers. Be sure to click "Report" or write to support.