Application Security Engineer

Ends 22 Mar 2018 (in 3 days)

Location: San Francisco, CA or Remote
The Wikimedia Foundation is looking for an Application Security Engineer to join the Security team working to help protect Wikipedia and our other projects. You'll be working with other developers and security engineers to create new security features, review the security of other people's code, and help find and fix security bugs before they're exploited.
YOU ARE ...a smart security practitioner with experience building and auditing security features in large scale systems. You understand the importance of testing and documentation, and common pitfalls in developing secure web applications. You must have a passion for the WMF mission. We do (almost) everything publicly, and volunteers can add arbitrary JavaScript to our site. That should both frighten and thrill you.
You will be joining a team responsible for ensuring the security and integrity of applications written in PHP, Python, Ruby, Lua, Perl, JavaScript (Node.js) among others, using both relational and key-value data storage mechanisms. (Don't worry, you don't need to have had experience with all of those technologies.)
As an Application Security Engineer, we’d like you to do these things:
Triage and remediate reported security issues
Work with Security team members to build and maintain security features
Review and deploy features developed by the Foundation and community members
Work with other development teams to ensure that they make safe architectural and implementation choices
Constantly poke and abuse our software to find bugs before attackers do
We’d like you to have these skills:
The right person is better than the right set of experiences, these are the traits we’ve identified make great additions to our team so far.
Two or more years of application security experience, including thorough understanding of issues documented in the OWASP Top Ten and CWE Top 25
Strong understanding of modern, object-oriented PHP development
Demonstrated ability to exploit and mitigate application-level vulnerabilities
Experience conducting software security reviews using a combination of source code inspection, manual testing, and automated scanning
Patience in explaining security issues and their implications on privacy to non-technical audiences
Sensitivity to the security challenges faced by participants in a large, international project
Strong understanding of cryptography as applied to web application security (encryption, hashing, PKI management), including analysis and implementation
Strong knowledge of the use of a scripting language for system administration and automation
Experience using Linux/Unix at the command line for tasks related to web application development and deployment ("DevOps")
Ability to maintain focus when working remotely
And it would be even more awesome if you have this:
In addition to the basic skills needed for being successful these skills could set you apart from the pack!
Experience as a contributor in the Wikipedia or Wikimedia project communities
Experience contributing to a consensus-based open source project
Experience developing, maintaining, or administering authentication systems
In-depth experience developing or auditing client-side JavaScript
Experience with both relational and NoSQL/key-value data storage mechanisms
About the Wikimedia Foundation
The Wikimedia Foundation is the non-profit organization that supports and hosts Wikipedia and several other Wikimedia free knowledge sites. Every month, the Wikimedia sites are accessed by more than a billion unique devices. Wikipedia consists of more than 40 million articles across hundreds of languages. Every month, more than 250,000 volunteer editors contribute to Wikipedia. Based in San Francisco, California, the Wikimedia Foundation is an audited, 501(c)(3) non-profit that is funded primarily through donations and grants. It currently employs over 300 staff members.
At the Foundation, we build technology to help people everywhere access Wikipedia, across devices and in nearly 300 languages. We engineer privacy for our readers and editors so they can safely and securely explore Wikipedia. We create programs and initiatives to make Wikipedia freely available to more people in more parts of the world. We build new tools for the community of editors so they can continue to improve and grow Wikipedia. Roughly a quarter of our budget goes to supporting the community that make the site possible, including through grantmaking programs that enable volunteers and enrich the information on the sites.
The Wikimedia Foundation is an equal opportunity employer, and we encourage people with a diverse range of backgrounds to apply.
Benefits & Perks * 
Fully paid medical, dental and vision coverage for employees and their eligible families (yes, fully paid premiums!)
The Wellness Program provides reimbursement for mind, body and soul activities such as fitness memberships, baby sitting, continuing education and much more
The 401(k) retirement plan offers matched contributions at 4% of annual salary
Flexible and generous time off - vacation, sick and volunteer days, plus 19 paid holidays - including the last week of the year.
Family friendly! 100% paid new parent leave for seven weeks plus an additional five weeks for pregnancy, flexible options to phase back in after leave, fully equipped lactation room.
For those emergency moments - long and short term disability, life insurance (2x salary) and an employee assistance program
Pre-tax savings plans for health care, child care, elder care, public transportation and parking expenses
Telecommuting and flexible work schedules available
Appropriate fuel for thinking and coding (aka, a pantry full of treats) and monthly massages to help staff relax
Great colleagues - diverse staff and contractors speaking dozens of languages from around the world, fantastic intellectual discourse, mission-driven and intensely passionate people
* for benefits eligible staff, benefits may vary by location
More Information

Sign up to apply →

Posted on

Know a freelancer that can do this job?

Earn lifetime commission for every freelancer you refer, by becoming an affiliate. Find out more

Share this job: