[liberationtech] JOB: Avaaz is looking for a Security Engineer (Remote-based)
Matthew Reggers
matthew at avaaz.org
Tue May 5 05:15:30 CEST 2020
Avaaz is a campaigning organisation that reaches tens of millions of
citizens every week with opportunities to change the world. This includes
protecting our planet from climate change and other threats, fighting to
stop social media from undermining our democracies, and deepening human
connection.
Our staff are based all over the world. Applicants from any timezone may
apply. Avaaz will support you to set up a home or co-working environment
that leads to excellence in delivery and long-term sustainability.
Link to job post:
https://secure.avaaz.org/campaign/en/hiring/#op-385847-security-engineer
What the position involves
The Security Engineer will be part of a team that has responsibility for
all security aspects of the organization’s technology, systems,
communications, and staff. We are seeking a candidate with a strong
technical background, hands-on experience implementing security across the
full breadth of the technology stack and a strong ability to provide
balanced and actionable security solutions for Avaaz.
Specific responsibilities include:
-
Design and implement security solutions across all technology that Avaaz
runs.
-
Align security of Avaaz applications and infrastructure to security best
practices.
-
Provide continued compliance of the organization with applicable
security and data protection standards (e.g. GDPR).
-
Provide security advice on proposed new technologies, projects and
campaigns.
-
Perform security monitoring/operations tasks and incident response.
-
Identify new security solutions and tools to improve Avaaz security.
-
Assist in user security education and security awareness training and
campaigns.
Our ideal candidate will have these skills/experience
-
Familiarity and solid knowledge of how cloud-hosted modern web
applications are designed, built and deployed. In particular, design-level
and hands-on implementation experience with AWS and GCP.
-
Experience in designing and implementing solutions to protect
applications, networks and infrastructure from threats.
-
Strong Python and shell scripting skills, primarily with the focus of
implementing security solutions and automating security processes.
-
Solid understanding of zero trust network/BeyondCorp principles and
designing security solutions that follow those principles.
-
Ability to look at a new technology or project and then quickly apply
security principles/best practices to make prioritised recommendations to
secure the technology/project
-
Highly flexible with rapidly-shifting needs and priorities
-
Delivery-oriented with high attention to detail and without paralyzing
perfectionism
-
Ability to deliver complex technical subjects to technical and
non-technical audiences.
Bonus points for having these skills/experience
-
Experience performing security monitoring/operations (SIEM, WAF, IDS,
log analysis, etc.)
-
Broad application security exposure (across secure coding and
architecture, common application security vulnerabilities, threat modeling,
and/or vulnerability management)
-
Familiarity identifying and deploying technologies that enable secure
online communications.
-
Experience in providing security advice/consulting for technology
projects (either internal or external to an organisation)
-
Experience in security configuration of computers and mobile devices. In
particular, strong macOS, Android and iPhone management, security and
troubleshooting experience.
-
Exposure to security incident response processes and execution.
-
Experience in engaging and managing external vendors to conduct security
testing and managing remediation of vulnerabilities.
Where to apply
Apply here:
https://secure.avaaz.org/campaign/en/hiring/#op-385847-security-engineer
Thanks,
Matthew
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ghserv.net/pipermail/lt/attachments/20200505/8faa41ed/attachment.html>
More information about the LT
mailing list