Contractor: Security Developer

The Open Home Foundation is looking for a Security Developer to join our Ecosystem department on a contract basis.

This department is responsible for the development of various projects under the Open Home Foundation umbrella, including ESPHome. We deeply care about the security and privacy of users working with our products or building devices with ESPHome. We want to ensure our base framework follows good security patterns so users and companies building on ESPHome firmware can create devices that are as secure as possible.

To achieve this, we will be working with an external agency to perform a full security audit on ESPHome and its related tools. The ESPHome team is currently short on dedicated security expertise, so we are looking for an expert contractor to bridge this gap.

This role will be involved in hardening the code used in ESPHome, the project that allows turning common microcontrollers into smart home devices. ESPHome consists of a large core codebase written in C++ and a code generation component written in Python. Therefore, we require a candidate to be skilled in both programming languages, with a heavy emphasis on security hardening in an embedded context.

What you are going to do

• Review the existing codebase to identify and fix low-hanging fruit regarding security vulnerabilities before the external audit begins.

• Act as the primary technical point of contact to guide the external agency when they are performing the security audit on ESPHome and its tools.

• Triage the findings from the external agency and fix (at least) the high-priority security issues found during the audit.

• Work hand-in-hand with other team members within the ESPHome team to ensure security best practices are followed as the application evolves.

• Review code from other team members and community contributors with a specific focus on security implications.

• Fix bugs related to security technical debt.

What you need to have

• Senior experience in the security hardening of software.

• Strong expertise in C++ development (used in the ESPHome core).

• Strong expertise in Python development (used in ESPHome tooling).

• Experience with and interest in microcontrollers and embedded systems.

• Experience guiding or participating in professional third-party software security audits.

• Experience with Git and GitHub.

• Professional Fluency in English: Excellent written and verbal communication skills in English.

It would be great if you also have

• A passion for smart homes and automation.

• Experience as an ESPHome or Home Assistant user.

• Knowledge of IoT-specific security challenges (e.g., local network security, encryption on resource-constrained devices).

What we offer you

• This is a temporary contractor position. The duration will cover the pre-audit preparation, the active audit phase, and the subsequent remediation phase.

• The Open Home Foundation is a fully remote organization; you can work from anywhere in the world.

• Because we are a fully remote company, there is no fixed schedule. However, for team communication, we try to ensure at least 3 hours of overlap in the workday. Most of our team is based in Europe

• Your point of contact will be our Ecosystem Lead, who is based in the Netherlands.

• Compensation will be based on an agreed-upon hourly or project rate commensurate with senior security expertise.

About us

The Open Home Foundation is a non-profit organization based in Switzerland, with the objective of fighting for the fundamental principles of privacy, choice, and sustainability for smart homes. It does this by supporting the development of open-source projects and open connectivity and communication standards.

A big part of this is Home Assistant, but the Open Home Foundation also owns or collaborates with other projects important to promoting privacy, choice, and sustainability in the smart home, like ESPHome.

The recruitment process

1. Apply for the project.

2. Our team will review your application.

3. Initial interview.

4. Technical assessment or discussion regarding security approaches.

5. Interview with the team.

6. Contract Offer.