14 days ago

Senior Security Engineer

Ruby Central, Inc.

Hybrid
Full Time
$150,000

Job Overview

Job Title: Senior Security Engineer
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $150,000
Location: Hybrid

Job Description

About The Role

Ruby Central is looking for a Senior Security Engineer to focus on security needs within the RubyGems team. This role supports and protects key infrastructure powering the Ruby ecosystem including RubyGems, Bundler, and RubyGems.org.

Responsibilities

  • Plan and execute a security roadmap to improve supply chain security.
  • Formalize and enhance existing security practices for Ruby projects.
  • Establish processes to prevent, detect, and respond to security risks.
  • Contribute to security policies for RubyGems.org, involving community and expert inputs.
  • Participate in working groups and meetings with ecosystem stakeholders.
  • Design, build, and maintain features in RubyGems, Bundler, and RubyGems.org.
  • Collaborate with maintainers to address bugs, security issues, and feature requests.
  • Monitor and support AWS-based infrastructure including automation and pipeline improvements.
  • Accept on-call shifts for security or emergency incidents.
  • Participate in community discussions, RFCs, and technical planning for future enhancements.
  • Mentor community contributors and volunteers.

Requirements

  • 5+ years of hands-on security engineering experience.
  • Deep proficiency in Ruby and Ruby on Rails.
  • Expertise in securing AWS cloud environments including VPC, IAM, container, and serverless architectures.
  • Expert knowledge of web application vulnerabilities including OWASP Top 10.
  • Experience with security automation using scripting languages.
  • Proficiency with Infrastructure as Code and associated scanning tools.
  • Hands-on experience with SAST, DAST, IAST and infrastructure scanning tools.
  • Proven ability to design and implement security monitoring and incident response solutions.
  • Excellent communication skills and mentoring ability.

Nice to Have

  • Experience with package manager or software distribution security.
  • Knowledge of standards like SLSA or Sigstore.
  • Active participation in open source communities, particularly Ruby.
  • Experience with penetration testing, vulnerability research, threat modeling, and security architecture.

Why Join Us?

Working at Ruby Central means working at the heart of the Ruby community. You’ll help steward some of the most critical open source infrastructure, collaborate with an engaged community, and shape the future of Ruby development. The company values sustainability, community care, and transparency.

Key skills/competency

  • Security Engineering
  • Ruby
  • Ruby on Rails
  • AWS
  • Cloud Security
  • Automation
  • Infrastructure as Code
  • Incident Response
  • Vulnerability Analysis
  • Open Source


How to Get Hired at Ruby Central, Inc.

  • Tailor your resume: Highlight security engineering and Ruby expertise.
  • Research Ruby Central: Understand their open source mission and culture.
  • Showcase projects: Emphasize AWS and automation experience.
  • Prepare for interviews: Review security frameworks and Ruby on Rails vulnerabilities.
