Senior Security Engineer
Remote, US
Applications have closed
Freedom of the Press Foundation
Freedom of the Press Foundation protects and defends adversarial journalism in the 21st century.
Job Description
Freedom of the Press Foundation (FPF), a nonprofit organization dedicated to protecting, defending and empowering public-interest journalism, is looking for a full-time Senior Security Engineer to join the SecureDrop team.
SecureDrop is an open-source whistleblower submission system used by journalists to communicate with sources. SecureDrop is currently in use at approximately seventy news organizations worldwide, including The New York Times, The Washington Post, The Guardian, The Intercept, and ProPublica.
Responsibilities
As a Senior Security Engineer, you will help us continue to develop SecureDrop and the SecureDrop Workstation to make it more secure and usable for sources and journalists. Your responsibilities will include:
- Update SecureDrop’s threat models and the methodologies used to develop them: proactively identify and assess risks, propose mitigations, and implement them
- Review and integrate security automation tooling such as static code analysers, vulnerability checkers, and other tools that can mitigate or discover security issues
- Perform code reviews for both internal and external software, and coordinate such reviews with other open source projects
- Manage third party audits, penetration tests, tabletop exercises and software security trainings
- Respond to security incidents and administer our bug bounty program
- Partner with our Digital Security team in championing security engineering culture and practices
- Provide guidance and mentorship to colleagues, to deepen understanding of application security
Requirements
- At least 3 years' experience designing or attacking secure systems (threat modeling, penetration testing, security assessments, protocol design, cryptography, etc.)
- Passion for building free software to solve real world problems
- Strong knowledge of Linux systems and scripting languages, especially Python
- Strong knowledge of software development lifecycle, including vulnerability management, release engineering, and defending against supply chain attacks
Great to have
Familiarity with one or more of the following is a plus. This is a lot but we have a lot of varied projects that you could potentially contribute to!
- UX considerations in security engineering
- Secure operating systems (e.g., Qubes, Tails)
- Using or developing security monitoring tools (e.g., intrusion detection systems, file integrity monitoring, malware analysis)
- Application development experience
- Experience developing, integrating or reviewing cryptographic libraries
- Incident response
- Rust or Go experience
- Working on Scrum/Agile teams
- Contributing to or managing open source projects
If you’re interested in our work, but don’t fit the above description, please reach out anyway. We like to work with smart, caring people, and a quick call might help us understand what you’ve got to offer.
Working with us
Freedom of the Press Foundation aims to tackle unusually hard—but interesting—security and usability problems. If you are passionate about making security tools more usable, participating in open-source development, empowering whistleblowers, or just like a challenge, we encourage you to get in touch.
The SecureDrop team is fully distributed. All candidates will be considered for remote work with occasional travel.
If you think you’d like to be a part of our team, please send a short cover letter, your GitHub username, and your resume with links to some samples of your work to <jobs+security@freedom.press>. Women, non-binary individuals, and BIPOC individuals are especially encouraged to apply.
This is a full-time role at a competitive non-profit salary. For US employees: FPF provides health, dental and vision insurance (via Aetna); 20 days of personal time off and 13 holidays; and a 401(k) program. Freedom of the Press Foundation matches your 401(k) contributions dollar for dollar, up to 4 percent of your gross salary.