This website uses cookies to ensure you get the best experience.

Ruby Central and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, that is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor
Skip to main content
Ruby Central career site
Open Source · Fully Remote

Senior Security Engineer

About the Role

Ruby Central is looking for a Senior Software Engineer to focus on Security needs to join our RubyGems team to help protect and secure key infrastructure that powers the Ruby ecosystem: RubyGems, Bundler, and RubyGems.org.

This role is ideal for an experienced security engineer who is passionate about open source, deeply familiar with Ruby and Ruby on Rails, and eager to support critical tools used by Rubyists every day.

Responsibilities

  • Participate in planning and execution for a security roadmap to sustainably improve the supply chain security of the Ruby package management ecosystem.

  • Formalize existing security practices, and help Ruby projects become more proactive with regards to security improvements

  • Establish new processes and features that make it easier to prevent, detect, and respond to security risks, to make it easier and more sustainable for the community to identify and address security issues going forward

  • Contribute to security policies for the RubyGems.org service, soliciting and considering input from the community and security experts.

  • Participate in relevant working groups and meetings with ecosystem stakeholders and funding partners

  • Design, build, and maintain features in RubyGems, Bundler, and RubyGems.org.

  • Collaborate with maintainers and contributors across the ecosystem to address bugs, security issues, and new feature requests.

  • Monitor and support the AWS-based infrastructure, including automating operations and improving deployment pipelines.

  • Accept on-call shifts for security or other emergency incidents.

  • Participate in community discussions, RFCs, and technical planning for future enhancements to Ruby’s packaging ecosystem.

  • Support and mentor community contributors and volunteers.

Requirements

  • 5+ years of hands-on experience in security engineering, with a strong background in infrastructure and cloud security.

  • Deep proficiency in the Ruby programming language and the Ruby on Rails framework.

  • Expertise in securing cloud environments AWS, including VPC/network security, IAM policies, container security (Kubernetes, Docker), and serverless architectures.

  • Expert-level knowledge of web application vulnerabilities (OWASP Top 10 and beyond) and deep familiarity with the security nuances of Ruby on Rails (e.g., mass assignment, SQLi, XSS, CSRF in a Rails context).

  • Demonstrated experience building and implementing security automation using scripting languages (e.g., Bash, Ruby) to reduce manual work.

  • Proficiency with Infrastructure as Code (IaC) and its security implications (e.g., Terraform, CloudFormation), including experience with IaC scanning tools.

  • Hands-on experience with security tooling such as SAST, DAST, IAST, and infrastructure scanning tools.

  • Experience designing and implementing security monitoring solutions (SIEM, log analysis) and leading incident response efforts, from detection to post-mortem.

  • Excellent communication skills, with the ability to mentor junior engineers and clearly articulate complex security risks to both technical and non-technical stakeholders.

Nice to Have

  • Experience with package manager or software distribution security. Knowledge of standards like SLSA or Sigstore is a major plus.

  • Active participation and contributions in open source communities, particularly Ruby

  • Experience with penetration testing and vulnerability research

  • Background in threat modeling and security architecture

Why Join Us?

Working at Ruby Central means working at the heart of the Ruby community. You’ll help steward some of the most important open source infrastructure in our ecosystem, collaborate with an engaged and passionate community, and help shape the future of Ruby development.

We value sustainability, community care, and transparency. We strive to make working on open source rewarding and impactful for both our team and the wider ecosystem.

Department
Open Source
Role
Senior Security Engineer
Remote status
Fully Remote
Open Source · Fully Remote

Senior Security Engineer

Loading application form

Already working at Ruby Central?

Let’s recruit together and find your next colleague.

@rubycentral.org
Applicant tracking system by Teamtailor