About this role
Role Overview
Participate in planning and execution for a security roadmap to sustainably improve the supply chain security of the Ruby package management ecosystem
Formalize existing security practices, and help Ruby projects become more proactive with regards to security improvements
Establish new processes and features that make it easier to prevent, detect, and respond to security risks, to make it easier and more sustainable for the community to identify and address security issues going forward
Contribute to security policies for the RubyGems.org service, soliciting and considering input from the community and security experts
Participate in relevant working groups and meetings with ecosystem stakeholders and funding partners
Design, build, and maintain features in RubyGems, Bundler, and RubyGems.org
Collaborate with maintainers and contributors across the ecosystem to address bugs, security issues, and new feature requests
Monitor and support the AWS-based infrastructure, including automating operations and improving deployment pipelines
Accept on-call shifts for security or other emergency incidents
Participate in community discussions, RFCs, and technical planning for future enhancements to Ruby’s packaging ecosystem
Support and mentor community contributors and volunteers
Requirements
5+ years of hands-on experience in security engineering, with a strong background in infrastructure and cloud security
Deep proficiency in the Ruby programming language and the Ruby on Rails framework
Expertise in securing AWS cloud environments, including VPC/network security, IAM policies, container security (Kubernetes, Docker), and serverless architectures
Expert-level knowledge of web application vulnerabilities (OWASP Top 10 and beyond) and deep familiarity with the security nuances of Ruby on Rails (e.g., mass assignment, SQLi, XSS, CSRF in a Rails context)
Demonstrated experience building and implementing security automation using scripting languages (e.g., Bash, Ruby) to reduce manual work
Proficiency with Infrastructure as Code (IaC) and its security implications (e.g., Terraform, CloudFormation), including experience with IaC scanning tools
Hands-on experience with security tooling such as SAST, DAST, IAST, and infrastructure scanning tools
Experience designing and implementing security monitoring solutions (SIEM, log analysis) and leading incident response efforts, from detection to post-mortem
Excellent communication skills, with the ability to mentor junior engineers and clearly articulate complex security risks to both technical and non-technical stakeholders
Tech Stack
AWS
Cloud
Docker
Kubernetes
Ruby
Ruby on Rails
Terraform
Benefits
Work from anywhere in the world
Collaborative and passionate community
Opportunity to impact the future of Ruby development