Senior Software Engineer, Tooling

$100,000 to $130,000 - Contract

This is your chance to work on security-focused tooling, mostly written in Python, at a public benefit open source software foundation.

• For this position applicants residing in the EU, EFTA, & UK are preferred.
• There is no expectation of travel outside of the EU, EFTA, & UK.
• You will work with the ASF as an independent contractor.

Why this role?

You will be paid to contribute to the ASF, a foundation dedicated to open source software (OSS). The software you write will enhance practices at the ASF, especially those related to security. You will be helping the ASF's hundreds of members and thousands of contributors to release some of the world's most recognisable software. For further details about the ASF see below, or explore our website.

In addition to this core proposition, you will be able to:

• Set your own schedule and work almost exclusively from home.
• Use Python, a widely loved programming language.
• Work in a small team, collaborating with dedicated colleagues.
• See much of your code released under the Apache License 2.0.

Is this you?

You must have documented experience as a Senior or Principal Software Engineer with full-stack async Python including type annotations. You must have strong experience with CI/CD, Git, OCI containers and runtimes, SQLite, and supply-chain security. You must have your own OSS track record, and fluent written and spoken English.

Although this is a senior role, we recognise that recruiting only from existing senior positions is not a sustainable industry practice. We will therefore consider experienced engineers from other positions with an exceptional record who are ready for the next step. If this applies to you, please include a statement explaining why you should be considered for a senior role.

Bonus experience

In addition to the mandatory experience criteria above, we prioritise applicants who have experience in several of the following domains:

• Authentication (OAuth, OIDC, SAML, FIDO2, WebAuthn)
• Code signing (OpenPGP, Sigstore, in-toto, DSSE, JWKS)
• Declarative infrastructure (Puppet, NixOS, Terraform)
• Lightweight reactive UX (Alpine.js, htmx, Datastar, Svelte, Lit)
• Modern Python development (Hypothesis, Pyright, pytest, uv)
• Release processes (GitHub Actions, Zizmor, PEP 740)
• Supply chain security (CycloneDX, SPDX)

Overall, we are looking for engineers who specifically want to work with the ASF, who share our passion for OSS, and who understand our policies, mission, and goals for the near future.

Location, hours, and eligibility

This role is open to permanent residents of the EU, EFTA, and UK. (The EFTA nations are Iceland, Liechtenstein, Norway, and Switzerland.) There is no visa sponsorship, and you must already have the legal right to work where you live. There will be no expectation of travel outside of the EU, EFTA, and UK. To facilitate collaboration with colleagues across the Atlantic, your core working hours must overlap with 15:00 to 23:00 CET/CEST, Monday to Friday.

Permanent residents of other nations may be considered.

This position is for an independent contractor. You will not be employed by the ASF. Contracts will be set at a fixed agreed USD amount, and paid in USD monthly. You will be responsible for your own taxes and benefits, and will need to provide your own equipment, internet access, workspace, etc.

The ASF performs background checks on all new hires. Acceptance of this position requires consenting to this check, which is initiated when you are offered a contract, not before or during interviewing.

Your day-to-day

Your team will consist of one other Senior Software Engineer, and reports to the ASF Vice President, Tooling - an experienced contributor who will be your manager and mentor. You will communicate through Slack, including voice meetings, and email. Outside of your team your closest colleagues will be those in ASF Infrastructure, with whom you will build a good working rapport and collaborate often. The majority of your time will be spent listening to the needs of your many users, writing code, managing server processes through Puppet and Docker, and upstreaming fixes.

Your specific projects will vary, but will serve the needs of three primary user groups: the Foundation Board, Secretary, Treasurer, and their assistants; the Infrastructure team; and the Top Level Projects of the foundation. Current focus for these groups includes a secure trusted software release publishing platform; securing MFA for the whole foundation; a workbench for the Foundation Secretary; assessment of compliance to the EU Cyber Resilience Act (CRA); and security hardening of existing infrastructure.

About the ASF

The ASF exists to provide software for the public good. We believe in the power of community over code, known as The Apache Way. Thousands of people around the world contribute to ASF open source projects every day.

The ASF manages a network of open source software which includes more than 2200 software code repositories, a global software distribution and mirroring system, change management, issue tracking, and software support for 300+ open source initiatives and more than 10,000 contributors around the world.

The ASF is a U.S. 501(c)(3) charitable organization funded by individual donations and corporate sponsors, and is run almost exclusively by volunteers who provide support for hundreds of projects. Since 1999, we have provided a framework for intellectual property and financial contributions that enables people around the world to collaborate and deliver freely available software, and millions of end-users to benefit from that software.

How to apply

Reply to this job posting with your CV and any required information. Please indicate in your CV or in a separate written statement how your core competencies match our stated criteria. Please take special care not to omit this step.

Send your application via email

Our interview process is humane and traditional. It will be conducted by ASF staff and members using common video meeting software.