RFP -- Security Researcher

Work from home Full-time role Hiring

Scope of work In coordination with FPF’s other engineers and researchers, the contractor will: Conduct application security reviews across SecureDrop components. Assist in performing threat modeling for new features and architectural changes. Review pull requests and design documents with a focus on the security properties of new features and the security implications of architectural changes. Assist in preparing materials for and reviewing findings from third-party security audits. Advise on hardening strategies for SecureDrop’s deployment environments. Review and integrate security automation tooling, such as LLMs, static code analyzers, and other tools that can mitigate or discover security vulnerabilities. Desired qualifications At least three-plus years experience designing or attacking secure systems (threat modeling, penetration testing, security assessments, protocol design, etc.). Production coding experience using at least two of the following: Python, Typescript, or Rust. Strong working knowledge of Linux systems security (kernel hardening, AppArmor, SELinux, etc.). Experience identifying and reasoning about browser/web vulnerabilities (XSS) and Electron-specific issues (file handling, IPC, etc.). Comfort working with open source projects in a collaborative, distributed team environment. Preferred skills One-plus year of professional experience with Qubes OS, Tails, or other high-security desktop environments. One-plus year of professional incident response experience. Using or developing security monitoring tools (e.g., intrusion detection systems, file integrity monitoring). Familiarity with Tor, onion services, OpenPGP, and other privacy-enhancing technologies. Terms of contract This is a part-time, hourly contract — the contractor will be paid at a rate of USD $80 per hour, up to 30 hours per week, invoiced on a monthly basis. The contractor will be solely responsible for paying any and all taxes incurred as a result of their compensation. The contract will commence on a mutually agreeable date no later than Aug. 1 for an initial duration of six months, with the possibility of renewal. Proposal requirements If you would like to be considered for this opportunity, please submit the following: A brief statement of interest (one-page maximum), which includes your availability (hours per week in U.S. Eastern time and any known constraints). Please do so by including that text in the space labeled “Cover Letter.” Please be sure to include relevant experience or examples of prior work (links to GitHub, write-ups, audits, etc.). A CV/résumé. Apply To This Job

Apply

RFP -- Security Researcher

You might like

Care Coordinator, RN-Preadmission

Firewall Engineer

CAD Designer - On-Call

Epic Cogito / Business Intelligence Developer

WAN Network Engineer

Senior Site Reliability Engineer, Infrastructure Foundations

CareDriver Support Manager

Infrastructure Support Network Engineer

Staff Developer Advocate, Enterprise

Sr Director, Professional Services Management

Experienced Customer Support Representative – Global Entertainment Company

Experienced Bilingual Customer Service Representative (Remote) – Identity Theft Resolution and Consumer Fraud Support

Experienced Data Entry Clerk – Entry Level Remote Opportunity at arenaflex

Experienced Part-Time Remote Data Entry Clerk – Flexible Work Arrangements at arenaflex

Business Intelligence Analyst V

Experienced Data Entry Associate – Remote Opportunity at arenaflex

Experienced Content Operations Associate – Remote Work Opportunity at arenaflex

Sr Finance Analyst - Field (Remote Anywhere)

Experienced Full Stack Data Entry Manager – Remote Work Opportunity at arenaflex

Senior Software Engineer