[Full-time] Senior Application Security Engineer at Wikimedia Foundation
Location: WorldwideURL: https://grnh.se/d30862811usDescription: Summary The Wikimedia Foundation is looking for an Application Security Engineer to join the Security team working to help protect Wikipedia and our other projects. You’ll be working with other developers and security engineers to create new security features, review the security of other people’s code, and help find and fix security bugs before they’re exploited. YOU ARE …a smart security practitioner with experience building and auditing security features in large-scale systems. You understand the importance of testing and documentation, and common pitfalls in developing secure web applications. You must have a passion for the WMF mission. We do (almost) everything publicly, and volunteers can add arbitrary JavaScript to our site. You will be working primarily on our MediaWiki platform which powers Wikipedia. As a top 10 website, we must meet stringent performance standards while addressing new security challenges
URL: https://grnh.se/d30862811us
Description:
Summary
The Wikimedia Foundation is looking for an Application Security Engineer to join the Security team working to help protect Wikipedia and our other projects. You’ll be working with other developers and security engineers to create new security features, review the security of other people’s code, and help find and fix security bugs before they’re exploited.
YOU ARE …a smart security practitioner with experience building and auditing security features in large-scale systems. You understand the importance of testing and documentation, and common pitfalls in developing secure web applications. You must have a passion for the WMF mission. We do (almost) everything publicly, and volunteers can add arbitrary JavaScript to our site.
You will be working primarily on our MediaWiki platform which powers Wikipedia. As a top 10 website, we must meet stringent performance standards while addressing new security challenges such as supporting modern authentication technologies, detecting and preventing platform abuse from bots, and planning and rolling out improvements to our security architecture by defending against emerging security threats.
You are responsible for:
Triage and remediate reported security issues
Review and deploy features developed by the Foundation and community members
Work with other development teams to ensure that they make safe architectural and implementation choices
Constantly poke and abuse our software to find bugs before attackers do
Provide application security concept reviews and help socialize application security best practice
Provide support for application security incidents and operations
Skills and Experience:
+5 years of application security experience, including a thorough understanding of issues documented in the OWASP Top Ten and CWE Top 25
Strong understanding of modern, object-oriented PHP development
In-depth experience developing or auditing client-side JavaScript
Demonstrated ability to exploit and mitigate application-level vulnerabilities
Experience conducting software security reviews using a combination of source code inspection, manual testing, and automated scanning
Sensitivity to the security challenges faced by participants in a large, international project
Strong understanding of cryptography as applied to web application security (encryption, hashing, PKI management), including analysis and implementation
Experience using Linux at the command line for tasks related to web application development and deployment
Qualities that are important to us:
Patience in explaining security issues and their implications on privacy to non-technical audiences
Ability to maintain focus when working remotely
Additionally, we’d love it if you have:
Experience as a contributor in the Wikipedia or Wikimedia project communities
Experience contributing to a consensus-based open-source project
Experience developing, maintaining, or administering authentication systems
About the Wikimedia Foundation
The Wikimedia Foundation is the nonprofit organization that operates Wikipedia and the other Wikimedia free knowledge projects. Our vision is a world in which every single human can freely share in the sum of all knowledge. We believe that everyone has the potential to contribute something to our shared knowledge and that everyone should be able to access that knowledge freely. We host Wikipedia and the Wikimedia projects, build software experiences for reading, contributing, and sharing Wikimedia content, support the volunteer communities and partners who make Wikimedia possible, and advocate for policies that enable Wikimedia and free knowledge to thrive.
The Wikimedia Foundation is a charitable, not-for-profit organization that relies on donations. We receive donations from millions of individuals around the world, with an average donation of about $15. We also receive donations through institutional grants and gifts. The Wikimedia Foundation is a United States 501©(3) tax-exempt organization with offices in San Francisco, California, USA.
As an equal opportunity employer, the Wikimedia Foundation values having a diverse workforce and continuously strives to maintain an inclusive and equitable workplace. We encourage people with a diverse range of backgrounds to apply. We do not discriminate against any person based upon their race, traits historically associated with race, religion, color, national origin, sex, pregnancy or related medical conditions, parental status, sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, or any other legally protected characteristics.
The Wikimedia Foundation is a remote-first organization with staff members including contractors based 40+ countries*. Salaries at the Wikimedia Foundation are set in a way that is competitive, equitable, and consistent with our values and culture. The anticipated annual pay range of this position for applicants based within the United States is US$109,047 to US$169,455 with multiple individualized factors, including cost of living in the location, being the determinants of the offered pay. For applicants located outside of the US, the pay range will be adjusted to the country of hire. We neither ask for nor take into consideration the salary history of applicants. The compensation for a successful applicant will be based on their skills, experience and location.
*Please note that we are currently able to hire in the following countries: Australia, Austria, Bangladesh, Belgium, Brazil, Canada, Colombia, Costa Rica, Croatia, Czech Republic, Denmark, Egypt, Estonia, Finland, France, Germany, Ghana, Greece, India, Indonesia, Ireland, Israel, Italy, Kenya, Mexico, Netherlands, Nigeria, Peru, Poland, Singapore, South Africa, Spain, Sweden, Switzerland, Uganda, United Arab Emirates, United Kingdom, United States of America and Uruguay. Our non-US employees are hired through a local third party Employer of Record (EOR).
We periodically review this list to streamline to ensure alignment with our hiring requirements.
All applicants can reach out to their recruiter to understand more about the specific pay range for their location during the interview process.
If you are a qualified applicant requiring assistance or an accommodation to complete any step of the application process due to a disability, you may contact us at recruiting@wikimedia.org or +1 (415) 839-6885.
Apply to this job
What's Your Reaction?