This job post is closed and the position is probably filled. Please do not apply.

Summary

The Wikimedia Foundation is looking for a Director of Security to ensure that rapid evolution of the Wikimedia software continues to preserve the security of the sites and the privacy of our users. We are looking for someone who is passionate about Wikimedia's mission to bring free knowledge to every person on the planet, and who will strive to help Wikimedia software developers learn to incorporate secure thinking into their development practice.

The Director of Security will join the other Engineering Directors at Wikimedia who support engineers and designers building features, products, and services used by hundreds of millions of people around the world. This is an opportunity to do good while improving the security, stability, scalability, and maintainability of one of the best known sites in the world.

YOU ARE ... a smart, experienced security professional who understands all aspects of security in a top web property. You have significant software security experience in large scale systems. You understand and enjoy running security operations. You know how to create and operate incident response systems. You have experience counseling engineering and non-engineering teams about the privacy and security implications of their projects and data releases, are familiar with the benefits and vulnerabilities of different anonymization techniques, and can swiftly and effectively manage security incidents. You understand the importance of testing and documentation, and common pitfalls in developing secure web applications. You know how to build software correctly and hold others to the same high standards. You understand the principles of open source software development and the importance of community building. You have experience with and enjoy building and mentoring security teams. You enjoy being part of a large, vibrant, passionate and involved community.

You will be leading a team responsible for ensuring the security and integrity of applications written in PHP, Python, and JavaScript (Node.js), among others, using both relational and key-value data storage mechanisms.

As a Director of Security, we’d like you to do these things:

* Develop a threat model for the Wikimedia Foundation and all our projects and define the right security profile in collaboration with your peer group and our IT department.
* Run day-to-day security operations for the Wikimedia Foundation, including our community-facing and enterprise systems.
* Design incident response policies and execute incident response processes.
* Design and deploy account and content abuse detection mechanisms.
* Refine and improve access controls and audits.
* Lead security and privacy incident handling and response.
* Manage external security audits and pen tests and implement mitigation strategies to address discovered vulnerabilities.
* Serve as a subject matter expert on application security, communicating its impact on security, risk, and compliance decisions.
* Manage a team of up to six members, leading performance reviews, hiring, goal-setting, compensation planning, and career development.
* Design and develop security-centric enhancements of Wikimedia systems.
* Conduct security reviews of software designs and implementations.
* Deploy security patches to Wikimedia websites.
* Prepare periodic security releases of MediaWiki software.
* Define and manage department budget.
* Work with peer groups such as Legal, Office IT, Finance, Advancement and others in the Foundation to define:
    * Strategies for addressing security and privacy concerns;
    * Initiatives to maintain security as related to software design, development, documentation, and release; and
    * Practices to ensure the privacy, security, and integrity of data throughout the collection, access, analysis, release, and retention processes.

# Salary and compensation

The company published no salary data, so we estimated the salary from similar jobs related to InfoSec, Executive and JavaScript:

$80,000 – $120,000/year

# Benefits

* 401(k)
* Distributed team
* Async
* Vision insurance
* Dental insurance
* Medical insurance
* Unlimited vacation
* Paid time off
* 4 day workweek
* 401k matching
* Company retreats
* Coworking budget
* Learning budget
* Free gym membership
* Mental wellness budget
* Home office budget
* Pay in crypto
* Pseudonymous
* Profit sharing
* Equity compensation
* No whiteboard interview
* No monitoring system
* No politics at work
* We hire old (and young)

# How do you apply?

This job post has been closed by the poster, which means they probably have enough applicants now. Please do not apply.