Remote Staff Software Security Engineer

Summary

Join the Wikimedia Foundation as a Staff Security Software Engineer to build new security technologies and protect Wikipedia and other projects. This is a hands-on engineering role working alongside the Product Security team to design and code new features.

Requirements

• +8 years of experience in the software engineering area with a focus on security
• Ability to work effectively in a modern, object-oriented PHP code-base
• Experience developing client-side JavaScript
• Experience in developing secure software or security-related product features
• A strong interest in working with a talented security team and learning more specialist security skills such as exploiting and mitigating application-level vulnerabilities
• Patience in explaining security issues and their implications on privacy and risk to non-technical audiences
• Sensitivity to the security challenges faced by participants in a large, international project
• Experience using Linux at the command line for tasks related to web application development and deployment
• Ability to maintain focus when working remotely

Responsibilities

• Help design and build MediaWiki security capabilities
• Mentor and lead a security development team
• Review and deploy security features developed by the Foundation and community members
• Work with other development teams to ensure that they make safe architectural and implementation choices
• Perform security maintenance and address technical debt in security-critical components
• Provide support for application security incidents and operations

Preferred Qualifications

• Experience working on anti-abuse mechanisms such as CAPTCHA and bot detection
• Previous experience building security countermeasures against attacks on technologies at the web, backend, and database level
• Experience finding and fixing security bugs and reviewing code for security gaps
• A working knowledge of threat modeling and secure design patterns