Responsibilities
- Audit the current state of test coverage and CI pipelines across OpenCTI, OpenAEV, and OpenGRC and identify critical gaps.
- Define a prioritized roadmap to address identified gaps in test coverage and CI pipelines.
- Define and implement a cross-product test strategy covering unit, integration, end-to-end, and contract testing across the stack (GraphQL API, TypeScript/React frontend, Node.js/Java backend, Python connectors).
- Lead the consolidation and standardisation of CI/CD pipelines towards GitHub Actions.
- Introduce quality gates in CI pipelines such as coverage thresholds, mutation testing, flakiness detection, and static analysis.
- Build shared test tooling, templates, and libraries that product teams can adopt with minimal friction.
- Introduce and maintain performance and load testing practices, establishing baselines and regression detection for critical system paths.
- Define and enforce standards for test reliability and pipeline speed to reduce engineering debt.
- Work closely with product engineering teams to embed quality practices in their day-to-day workflows through guidance, code reviews, and hands-on pairing.
- Stay current with the testing, CI/CD, and AI-assisted engineering landscape, evaluating new tools and approaches like LLM-based test generation and agentic testing frameworks.
- Bring well-reasoned proposals to the team based on evaluation of new technologies and practices.
Requirements
- 7–12 years of experience in software engineering with a strong and deliberate focus on quality engineering and CI/CD.
- Deep expertise in test strategy and architecture, including understanding tradeoffs between unit, integration, and end-to-end tests.
- Hands-on experience building and maintaining CI/CD pipelines at scale that are fast, reliable, and developer-friendly.
- Comfortable navigating a polyglot stack: TypeScript/React (frontend), Node.js or Java (backend), Python (integrations).
- Experience with modern test tooling such as Playwright, Vitest, Jest, Cypress, or equivalents.
- Experience with mutation testing frameworks (e.g., Stryker), contract testing (e.g., Pact), and static analysis/linting pipelines.
- Strong understanding of software quality metrics — coverage, mutation score, flakiness rates, pipeline duration — and how to use them to drive improvement.
- Excellent written communication skills to turn audits into clear, prioritized action plans.
- Comfortable working in a remote-first, async culture with teams across multiple time zones.
- Fluency in English (written).
- Autonomy and ownership mindset: ability to identify problems, propose solutions, and drive them to completion without becoming a bottleneck.
Nice to Have
- Experience with performance/load testing tools such as k6, Gatling, or Locust.
- Hands-on use of AI-assisted test generation tools like GitHub Copilot, Cursor, or LLM-based test scaffolding.
- Open-source contributions or maintainership.
- Experience rolling out quality standards across large engineering teams.
- Cybersecurity domain knowledge.
Work Arrangement
Remote (Worldwide)
Team
Team size: 60. Structure: XTM Foundation is a cross-product engineering team working across OpenCTI, OpenAEV, and OpenGRC product teams.
XTM Foundation
XTM Foundation is Filigran's cross-product engineering team, created to raise the technical bar across the entire XTM Suite. The team owns problems that no single product team can solve alone: shared architecture, inter-product communication standards, common UI components, CI/CD infrastructure, test quality, developer experience, and AI-assisted development practices. XTM Foundation engineers work closely with all product teams — not as gatekeepers, but as force multipliers. They bring deep expertise, evaluate new approaches before rolling them out at scale, and help 60+ engineers build better software, faster.
Company Mission and Culture
Filigran builds open-source cybersecurity solutions, increasingly powered by AI, to help defense teams anticipate threats and act faster. The company believes in work that matters, uniting defenders into a global community to make security more open, resilient, and collaborative. Culture is grounded in CORE values: Cohesion, Openness, Responsibility, and Equity.
Benefits
Competitive pay + equity - everyone shares in our success; Remote-first, flexible, and balanced - work that fits your life; Your setup, your choice - pick the gear that works for you; Twice-a-year gatherings - we meet in person for regional and global offsites to connect, collaborate, and strengthen our culture beyond the screen; We enable cybersecurity through inclusion - from code to culture.
Additional Information
- Fully remote company
- Remote-first, flexible, and balanced work environment
- Twice-a-year in-person gatherings (regional and global offsites)
- Employees can choose their own work setup and equipment
- Equal opportunity employer committed to diversity and inclusion
- Company values: Cohesion, Openness, Responsibility, and Equity