Senior Security Engineer focusing on security infrastructure for RubyGems, Bundler, and RubyGems.org at Ruby Central. Improve supply chain security while collaborating with a passionate open source community.
Responsibilities
Participate in planning and execution for a security roadmap to sustainably improve the supply chain security of the Ruby package management ecosystem
Formalize existing security practices, and help Ruby projects become more proactive with regards to security improvements
Establish new processes and features that make it easier to prevent, detect, and respond to security risks, to make it easier and more sustainable for the community to identify and address security issues going forward
Contribute to security policies for the RubyGems.org service, soliciting and considering input from the community and security experts
Participate in relevant working groups and meetings with ecosystem stakeholders and funding partners
Design, build, and maintain features in RubyGems, Bundler, and RubyGems.org
Collaborate with maintainers and contributors across the ecosystem to address bugs, security issues, and new feature requests
Monitor and support the AWS-based infrastructure, including automating operations and improving deployment pipelines
Accept on-call shifts for security or other emergency incidents
Participate in community discussions, RFCs, and technical planning for future enhancements to Ruby’s packaging ecosystem
Support and mentor community contributors and volunteers
Requirements
5+ years of hands-on experience in security engineering, with a strong background in infrastructure and cloud security
Deep proficiency in the Ruby programming language and the Ruby on Rails framework
Expertise in securing cloud environments AWS, including VPC/network security, IAM policies, container security (Kubernetes, Docker), and serverless architectures
Expert-level knowledge of web application vulnerabilities (OWASP Top 10 and beyond) and deep familiarity with the security nuances of Ruby on Rails (e.g., mass assignment, SQLi, XSS, CSRF in a Rails context)
Demonstrated experience building and implementing security automation using scripting languages (e.g., Bash, Ruby) to reduce manual work
Proficiency with Infrastructure as Code (IaC) and its security implications (e.g., Terraform, CloudFormation), including experience with IaC scanning tools
Hands-on experience with security tooling such as SAST, DAST, IAST, and infrastructure scanning tools
Experience designing and implementing security monitoring solutions (SIEM, log analysis) and leading incident response efforts, from detection to post-mortem
Excellent communication skills, with the ability to mentor junior engineers and clearly articulate complex security risks to both technical and non-technical stakeholders
Benefits
Work from anywhere in the world
Collaborative and passionate community
Opportunity to impact the future of Ruby development
Security Developer coordinating vulnerabilities and malware issues for the Python Software Foundation. Collaborating with teams to enhance security practices and document threat models.
Presales Security Expert supporting sales leads and educating customers on security at Fortinet. Responsible for technical resource during sales calls and post - sales training.
IAM Director managing customer - facing identity and access management security programs at RBC. Assessing risks, developing controls, and ensuring compliance with standards and regulations.
Lead AI Red Team focusing on adversarial testing and security for enterprise - scale AI systems. Collaborate with engineering and compliance to map vulnerabilities and document findings.
Intern in operational security at Investissement Québec, supporting security alert management and vulnerability tracking in a supervised learning environment.
IT Information Security Lead at Mirego, responsible for technology and information security management. Overseeing compliance and IT strategies while maintaining operational efficiency.
Cybersecurity Specialist focusing on offensive security for Exposant 3. Performing penetration testing, security audits, and team knowledge transfer in a hybrid work setup.
Financial security advisor in life and health insurance, developing and maintaining client relationships. Selling insurance products and assessing customer needs to provide personalized solutions.
Senior Security Engineer designing and maintaining Microsoft 365 security solutions at ResMed. Focusing on compliance, incident response, and collaboration with global teams.
Senior Infrastructure professional solving practical security challenges and improving enterprise systems security at Confluence. Focused on implementation, remediation, and secure operations across Windows and Linux environments.