Remote Application Security Engineer at Wikimedia Foundation Open Startup
RSS
API
Remote HealthPost a job

find a remote job
work from anywhere

The largest collection of Remote Jobs for Digital Nomads online. Get a remote job you can do anywhere at Remote Companies like Toptal, Zapier and Automattic who embrace the future. There are 43,550+ jobs that allow you to work anywhere and live everywhere.

The largest collection of Remote Jobs for Digital Nomads online. Get a remote job you can do anywhere at Remote Companies like Toptal, Zapier and Automattic who embrace the future. There are 43,550+ jobs that allow you to work anywhere and live everywhere.

Remote HealthPost a job

  Jobs

  People

👉 Hiring for a remote position?

Post a job
on the 🏆 #1 remote jobs board
Remote Health by SafetyWing
Global health insurance for freelancers & remote workers
Remote Health by SafetyWing
Global health insurance for freelancers & remote workers

Wikimedia Foundation


Application Security Engineer

closed

Application Security Engineer


Wikimedia Foundation


infosec

 

engineer

 

infosec

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nLocation: Remote/SF\n\nHours: 40 hours\n\nContract Length: Until end of June (6+ months)\n\n\nSummary\n\nThe Wikimedia Foundation is looking for an Application Security Engineer to join the Security team working to help protect Wikipedia and our other projects. You'll be working with other developers and security engineers to create new security features, review the security of other people's code, and help find and fix security bugs before they're exploited.\n\nYOU ARE ...a smart security practitioner with experience building and auditing security features in large scale systems. You understand the importance of testing and documentation, and common pitfalls in developing secure web applications. You must have a passion for the WMF mission. We do (almost) everything publicly, and volunteers can add arbitrary JavaScript to our site.\n\nYou will be joining a team responsible for ensuring the security and integrity of applications written in PHP, Python, Ruby, Lua, Perl, JavaScript (Node.js) among others, using both relational and key-value data storage mechanisms. (Don't worry, you don't need to have had experience with all of those technologies.)\n\nYou are responsible for:\n\n\n* Triaging and remediating reported security issues\n\n* Reviewing and deploying features developed by the Foundation and community members\n\n* Working with other development teams to ensure that they make safe architectural and implementation choices\n\n* Constantly poking and abusing our software to find bugs before attackers do\n\n* Providing application security concept reviews and help socialize application security best practice\n\n* Providing support for application security operations\n\n\n\n\nSkills and Experience:\n\nThe right person is better than the right set of experiences, these are the traits we’ve identified make great additions to our team so far.\n\n\n* Two or more years of application security experience, including thorough understanding of issues documented in the OWASP Top Ten and CWE Top 25\n\n* Strong understanding of modern, object-oriented PHP development\n\n* Demonstrated ability to exploit and mitigate application-level vulnerabilities\n\n* Experience conducting software security reviews using a combination of source code inspection, manual testing, and automated scanning\n\n* Patience in explaining security issues and their implications on privacy to non-technical audiences\n\n* Sensitivity to the security challenges faced by participants in a large, international project\n\n* Strong understanding of cryptography as applied to web application security (encryption, hashing, PKI management), including analysis and implementation\n\n* Experience using Linux/Unix at the command line for tasks related to web application development and deployment\n\n* Ability to maintain focus when working remotely\n\n\n\n\nAdditionally, we’d love it if you have:\n\nIn addition to the basic skills needed for being successful these skills could set you apart from the pack!\n\n\n* Experience as a contributor in the Wikipedia or Wikimedia project communities\n\n* Experience contributing to a consensus-based open source project\n\n* Experience developing, maintaining, or administering authentication systems\n\n* In-depth experience developing or auditing client-side JavaScript\n\n\n\n\nThe Wikimedia Foundation is... \n\n...the nonprofit organization that hosts and operates Wikipedia and the other Wikimedia free knowledge projects. Our vision is a world in which every single human can freely share in the sum of all knowledge. We believe that everyone has the potential to contribute something to our shared knowledge, and that everyone should be able to access that knowledge, free of interference. We host the Wikimedia projects, build software experiences for reading, contributing, and sharing Wikimedia content, support the volunteer communities and partners who make Wikimedia possible, and advocate for policies that enable Wikimedia and free knowledge to thrive. The Wikimedia Foundation is a charitable, not-for-profit organization that relies on donations. We receive financial support from millions of individuals around the world, with an average donation of about $15. We also receive donations through institutional grants and gifts. The Wikimedia Foundation is a United States 501(c)(3) tax-exempt organization with offices in San Francisco, California, USA.\n\nThe Wikimedia Foundation is an equal opportunity employer, and we encourage people with a diverse range of backgrounds to apply.\n\nMore information\n\nWMF\nBlog\nWikimedia 2030\nWikimedia Medium Term Plan\nDiversity and inclusion information for Wikimedia workers, by the numbers\nWikimania 2019\nAnnual Report - 2017 \nThis is Wikimedia Foundation \nFacts Matter\nOur Projects\nFundraising Report


See more jobs at Wikimedia Foundation

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.
199ms