Software Engineer
Remote
Full Time
Experienced
About the Eclipse Foundation
The Eclipse Foundation is a globally recognized nonprofit organization that supports a
vibrant community of open source projects and contributors. With a commitment to vendor
neutrality and transparency, we provide a collaborative environment for innovation across
industries including cloud, edge, AI, and developer tooling. Our team is remote-first,
inclusive, and passionate about open source.
Position Summary
The Eclipse Foundation is seeking a Software Engineer to join our Software Development
team. In this role, you will work on Open VSX, an open source registry for Visual Studio
Code extensions and compatible editors, as well as other business-critical platforms and
services. These include APIs, community platforms, and internal applications used by our
staff and members.
You will contribute to the design, development, and operation of secure, reliable, and
scalable services. The role has a strong focus on security fundamentals, operational quality,
and long-term maintainability. You will work closely with other developers, contractors, and
the open source community to deliver solutions that are trusted and widely used.
You will also contribute to extension supply-chain security by analysing suspicious
extensions and developing, testing, and maintaining YARA rules to detect malicious or
policy-violating artefacts.
This role offers exposure to large-scale open source systems, modern backend and frontend
technologies, and real-world security challenges.
Responsibilities
Education
Desired Skills and Experience
Nice to Have
Work Skills
Location
This is a remote position. The selected candidate will work from their home office. All qualified candidates will be considered, with preference for candidates based in Canada, France, Germany, Italy, Spain, Portugal, and Belgium.
Why Join Us
We offer competitive compensation along with a comprehensive benefits package. We thank
all applicants for their interest; however, only those selected for an interview will be
contacted. For more information about the Eclipse Foundation, please visit our website at
eclipse.org.
The Eclipse Foundation respects the dignity and independence of people with disabilities
and is committed to providing accommodation and support throughout any recruitment
process. If you require any special accommodation or support, please let us know when
applying.
The Eclipse Foundation is a globally recognized nonprofit organization that supports a
vibrant community of open source projects and contributors. With a commitment to vendor
neutrality and transparency, we provide a collaborative environment for innovation across
industries including cloud, edge, AI, and developer tooling. Our team is remote-first,
inclusive, and passionate about open source.
Position Summary
The Eclipse Foundation is seeking a Software Engineer to join our Software Development
team. In this role, you will work on Open VSX, an open source registry for Visual Studio
Code extensions and compatible editors, as well as other business-critical platforms and
services. These include APIs, community platforms, and internal applications used by our
staff and members.
You will contribute to the design, development, and operation of secure, reliable, and
scalable services. The role has a strong focus on security fundamentals, operational quality,
and long-term maintainability. You will work closely with other developers, contractors, and
the open source community to deliver solutions that are trusted and widely used.
You will also contribute to extension supply-chain security by analysing suspicious
extensions and developing, testing, and maintaining YARA rules to detect malicious or
policy-violating artefacts.
This role offers exposure to large-scale open source systems, modern backend and frontend
technologies, and real-world security challenges.
Responsibilities
- Design, develop, and maintain features across our platforms and services, including
- Open VSX, APIs, community platforms, and internal applications.
- Build and operate secure and reliable services using Spring Boot, Quarkus, PostgreSQL, MariaDB, Redis, React, and TypeScript.
- Apply security best practices throughout the development lifecycle, including authentication, authorisation, dependency management, and secure configuration.
- Contribute to monitoring, logging, and observability to ensure system health and incident visibility.
- Improve platform resilience and security through safeguards such as rate-limiting, abuse prevention, and input validation.
- Write, test, and maintain YARA rules to detect malicious or policy-violating VS Code extensions and related artefacts.
- Analyse suspicious extensions and convert findings into long-lived detection rules.
- Maintain rule quality through validation, regression testing, and false-positive reduction.
- Participate in code reviews and collaborate closely with team members to maintain code quality.
- Write and maintain technical documentation for internal use and open source contributors.
Education
- Bachelor’s degree in Computer Science, Information Technology, or a related field, or equivalent professional experience.
Desired Skills and Experience
- Solid experience with Java (JDK 17+) and Spring Boot.
- Strong understanding of security best practices and security concepts, including authentication, authorisation, secrets management, dependency management, input validation, and vulnerability mitigation.
- Hands-on experience with malware detection, including writing and validating YARA rules.
- Experience with TypeScript and React, or another modern frontend framework with a willingness to learn.
- Experience working with relational databases such as PostgreSQL or MariaDB.
- Familiarity with Redis or similar caching technologies.
- Experience with CI/CD pipelines (for example GitHub Actions, Jenkins, Gradle).
- Working knowledge of Docker; basic familiarity with Kubernetes or similar orchestration platforms.
- Familiarity with monitoring and observability tools such as Prometheus and Grafana.
- Comfort working in open source environments using GitHub or GitLab.
Nice to Have
- Experience with extension security, including identifying malware risks and handling known vulnerabilities.
- Experience analysing JavaScript malware, including obfuscation techniques.
- Experience building or operating detection pipelines, including rule testing and false-positive management.
- Experience with Elasticsearch or search platforms.
- Exposure to rate-limiting or abuse-prevention mechanisms.
- Experience with Quarkus.
- Interest in or prior contributions to open source projects.
Work Skills
- Clear and direct communication with technical and non-technical stakeholders.
- Ability to work independently in a distributed, remote-first team.
- Pragmatic approach to problem solving, with attention to security and maintainability.
- Willingness to learn and grow through feedback and collaboration.
- Habit of writing clear documentation and participating in reviews.
Location
This is a remote position. The selected candidate will work from their home office. All qualified candidates will be considered, with preference for candidates based in Canada, France, Germany, Italy, Spain, Portugal, and Belgium.
Why Join Us
- Competitive compensation and benefits
- Flexible work hours and remote-first culture
- Corporate Recharge days and right-to-disconnect policy
- Opportunity to work on widely used open source infrastructure with global impact
We offer competitive compensation along with a comprehensive benefits package. We thank
all applicants for their interest; however, only those selected for an interview will be
contacted. For more information about the Eclipse Foundation, please visit our website at
eclipse.org.
The Eclipse Foundation respects the dignity and independence of people with disabilities
and is committed to providing accommodation and support throughout any recruitment
process. If you require any special accommodation or support, please let us know when
applying.
Apply for this position
Required*