Contractor: Security Developer

The Open Home Foundation is looking for a Security Developer to join our Ecosystem department on a  contract  basis. The department is responsible for the development of projects under the Open Home Foundation umbrella, including ESPHome. We deeply care about the security and privacy of users working with our products or building devices with ESPHome, and aim to ensure our base framework follows good security patterns.

To achieve this, we will work with an external agency to perform a full security audit of ESPHome and its related tools. The ESPHome team is currently short on dedicated security expertise, so we need an expert contractor to bridge this gap.

What You Are Going To Do

Review the existing codebase to identify and fix low-hanging fruit regarding security vulnerabilities before the external audit begins.

Act as the primary technical point of contact to guide the external agency when they are performing the security audit on ESPHome and its tools.

Triage the findings from the external agency and fix (at least) the high-priority security issues found during the audit.

Work hand-in-hand with other team members within the ESPHome team to ensure security best practices are followed as the application evolves.

Review code from other team members and community contributors with a specific focus on security implications.

Fix bugs related to security technical debt.

What You Need To Have

Senior experience in the security hardening of software.

Strong expertise in C++ development (used in the ESPHome core).

Strong expertise in Python development (used in ESPHome tooling).

Experience with and interest in microcontrollers and embedded systems.

Experience guiding or participating in professional third-party software security audits.

Experience with Git and Git Hub.

Professional Fluency in English:
Excellent written and verbal communication skills in English.

It would be great if you also have

A passion for smart homes and automation.

Experience as an ESPHome or Home Assistant user.

Knowledge of IoT-specific security challenges (e.g., local network security, encryption on resource-constrained devices).

What we offer You

This is a temporary contractor position covering the pre-audit preparation, the active audit phase, and the subsequent remediation phase.

The Open Home Foundation is a fully remote organization; you can work from anywhere in the world.

There is no fixed schedule. For team communication, we try to ensure at least 3 hours of overlap in the workday. Most of our team is based in Europe.

Your point of contact will be our Ecosystem Lead, who is based in the Netherlands.

Compensation will be based on an agreed-upon hourly or project rate commensurate with senior security expertise.

About Us
The Open Home Foundation is a non-profit organization based in Switzerland, dedicated to fighting for the fundamental principles of privacy, choice, and sustainability for smart homes. We support the development of open-source projects and open connectivity and communication standards. A big part of this is Home Assistant, but the Open Home Foundation also owns or collaborates with other projects important for promoting privacy, choice, and sustainability in the smart home, like ESPHome.

The recruitment process

Apply for the project.

Our team will review your application.

Initial interview.

Technical assessment or discussion regarding security approaches.

Interview with the team.

Contract Offer.

#J-18808-Ljbffr