In coordination with FPF’s other engineers and researchers, the contractor will:
Conduct application security reviews across SecureDrop components.
Assist in performing threat modeling for new features and architectural changes.
Review pull requests and design documents with a focus on the security properties of new features and the security implications of architectural changes.
Assist in preparing materials for and reviewing findings from third-party security audits.
Advise on hardening strategies for SecureDrop’s deployment environments.
Review and integrate security automation tooling, such as LLMs, static code analyzers, and other tools that can mitigate or discover security vulnerabilities.
At least three-plus years experience designing or attacking secure systems (threat modeling, penetration testing, security assessments, protocol design, etc.).
Production coding experience using at least two of the following: Python, Typescript, or Rust.
Strong working knowledge of Linux systems security (kernel hardening, AppArmor, SELinux, etc.).
Experience identifying and reasoning about browser/web vulnerabilities (XSS) and Electron-specific issues (file handling, IPC, etc.).
Comfort working with open source projects in a collaborative, distributed team environment.
One-plus year of professional experience with Qubes OS, Tails, or other high-security desktop environments.
One-plus year of professional incident response experience.
Using or developing security monitoring tools (e.g., intrusion detection systems, file integrity monitoring).
Familiarity with Tor, onion services, OpenPGP, and other privacy-enhancing technologies.
This is a part-time, hourly contract — the contractor will be paid at a rate of USD $80 per hour, up to 30 hours per week, invoiced on a monthly basis. The contractor will be solely responsible for paying any and all taxes incurred as a result of their compensation.
The contract will commence on a mutually agreeable date no later than Aug. 1 for an initial duration of six months, with the possibility of renewal.
If you would like to be considered for this opportunity, please submit the following:
A brief statement of interest (one-page maximum), which includes your availability (hours per week in U.S. Eastern time and any known constraints). Please do so by including that text in the space labeled “Cover Letter.”
Please be sure to include relevant experience or examples of prior work (links to GitHub, write-ups, audits, etc.).
A CV/résumé.
...Scope of work In coordination with FPFs other engineers and researchers, the contractor will: Conduct application security reviews across SecureDrop components. Assist in performing threat modeling for new features and architectural changes. Review pull requests...
Position Overview: We are seeking a motivated Bioinformatics Research Associate II to join the Next Generation Sequencing (NGS) Core group to support genomic analyses of multiple therapeutic modalities within the Genomic Medicine Unit (GMU) CMC organization. The role is...
...Inspections Division Job Classification Title Wage And Hour Investigator I (S) Position Number Grade NC08 About Us The... ...; or an equivalent combination of education and experience. EEO Statement T he State of North Carolina is an Equal Employment...
...Luxury Travel Advisor Job Summary We are seeking a passionate and detail-oriented Luxury Travel Advisor to join our team. The ideal candidate will specialize in designing high-end, personalized travel experiences for discerning clients. This role involves curating...
Job ID: 518520 Oldcastle APG, a CRH Company, is North Americas leading provider of innovative outdoor living solutions that enable customers to Live Well Outside. The manufacturers portfolio of premier building products inspires endless possibilities while providing...