In coordination with FPF’s other engineers and researchers, the contractor will:
Conduct application security reviews across SecureDrop components.
Assist in performing threat modeling for new features and architectural changes.
Review pull requests and design documents with a focus on the security properties of new features and the security implications of architectural changes.
Assist in preparing materials for and reviewing findings from third-party security audits.
Advise on hardening strategies for SecureDrop’s deployment environments.
Review and integrate security automation tooling, such as LLMs, static code analyzers, and other tools that can mitigate or discover security vulnerabilities.
At least three-plus years experience designing or attacking secure systems (threat modeling, penetration testing, security assessments, protocol design, etc.).
Production coding experience using at least two of the following: Python, Typescript, or Rust.
Strong working knowledge of Linux systems security (kernel hardening, AppArmor, SELinux, etc.).
Experience identifying and reasoning about browser/web vulnerabilities (XSS) and Electron-specific issues (file handling, IPC, etc.).
Comfort working with open source projects in a collaborative, distributed team environment.
One-plus year of professional experience with Qubes OS, Tails, or other high-security desktop environments.
One-plus year of professional incident response experience.
Using or developing security monitoring tools (e.g., intrusion detection systems, file integrity monitoring).
Familiarity with Tor, onion services, OpenPGP, and other privacy-enhancing technologies.
This is a part-time, hourly contract — the contractor will be paid at a rate of USD $80 per hour, up to 30 hours per week, invoiced on a monthly basis. The contractor will be solely responsible for paying any and all taxes incurred as a result of their compensation.
The contract will commence on a mutually agreeable date no later than Aug. 1 for an initial duration of six months, with the possibility of renewal.
If you would like to be considered for this opportunity, please submit the following:
A brief statement of interest (one-page maximum), which includes your availability (hours per week in U.S. Eastern time and any known constraints). Please do so by including that text in the space labeled “Cover Letter.”
Please be sure to include relevant experience or examples of prior work (links to GitHub, write-ups, audits, etc.).
A CV/résumé.
...Uphold site safety and cleanliness at all times. COMMITMENT TO DIVERSITY As an equal opportunity employer committed to meeting the... ..., sexual orientation or disability, and actively foster inclusion in all forms both within our company and across interactions with...
...Manufacturing Engineer who will focus on process improvement/continuous improvement of their processes. They will utilize Lean Manufacturing techniques, 5S, Six Sigma and Kaizen events.This Manufacturing Engineer will also work on facility infrastructure identifying maintenance...
...Sooner Station Senior Living of Norman is looking for full time and part time Certified Medication Aides for our Community About Discovery Management Group Discovery Management Group leads one of the nations most purpose-driven and people-centered senior living...
...Agency: Office of the Attorney General Working Title: SENIOR INVESTIGATOR - 41000122Pay Plan: SES Position Number:41000122... ...investigations, including obtaining and maintaining certification as a EEO Investigator and as a Certified Inspector General Investigator....
Steel Detailer - Large-Scale Structural Steel & Misc. Metals Fabrication We're seeking a highly skilled Steel Detaile to join our team and ensure the accuracy and quality of shop and erection drawings for complex structural steel and misc. metals projects. This is a great...