With over 225 million users in 196 countries, Change.org is the world’s largest technology platform for social change. Our team spans 18 countries and empowers hundreds of millions of people to have a voice and fight injustice. We’re a social impact business, and we’re aiming to build a world where no one is powerless and where creating change is a part of everyday life.
About the role:
Change.org is seeking a Sr. Security Engineer who will be part of the team responsible for managing and monitoring our global infrastructure and applications. As a member of our team, you’ll ensure that activists all over the world can securely participate in Change.org actions and truly help make a positive impact on the world. We’re facing exponential growth, so the scaling and data security projects such as auto scaling to handle viral petitions, access control and data encryption, are very interesting. In this role you’ll work on our high traffic website and projects related to autoscaling, globalizing, geo-spanning our data, or massively caching the world to bring the information pages closer and closer to our end users all over the world. The security and privacy of our users are paramount, and you will help achieve it.
This position reports to the VP of Infrastructure, Performance & Security. The ideal candidate has experience with application and infrastructure security as well as time in the chair as an operator/troubleshooter. We’re ideally looking for a true generalist, who is comfortable at several different layers in the stack. We’re growing rapidly around the globe, and there is ample opportunity for each engineer to put their stamp on parts of our architecture.
When we get busy, it’s likely that we’re making headline news somewhere. It is a distinct pleasure to know we are providing a safe site that is empowering people all over the world. The DevOps team takes great pride in using our powers for good.
As a member of our team, you will:
- Work with constituent engineering teams in building out a secure global service oriented architecture.
- Develop, schedule, and execute automated security audits on infrastructure using industry standard security frameworks and tooling.
- Write penetration tests for applications and services.
- Document current and future security procedures and policies.
- Remediate and write post-mortem reports on security-related issues.
- Be actively involved in design, implementation, and maintenance of infrastructure security across multiple environments.
- Train and socialize security best practices across the company.
This describes you:
- You have strong experience with various web application security frameworks and tools.
- You have written application security penetration tests with an open source framework.
- You have experience in Linux/UNIX systems engineering and administration.
- You are familiar with cloud platforms such as AWS or GCP.
- You can jump into situations with few guardrails and make things better.
- Ability to work in a proactive manner and manage your own queue.
- Experience with SOC-2 or other compliance frameworks.
- Experience with data privacy requirements.
- Proficient in bash shell scripting (sed + awk) and either Ruby or Python.
- Automation experience with configuration management tools such as Chef, Ansible, or Puppet.
We have a collaborative environment and encourage and support our employees’ growth. We don’t expect candidates to have expertise across every item listed here.
Interested? Great! Here's what you should know:
This is a full-time opportunity in San Francisco, CA, USA.
Change.org is committed to being a diverse and inclusive workplace. We encourage applicants of different backgrounds, cultures, genders, experiences, abilities and perspectives to apply.
All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sexual orientation, gender, gender identity, age, physical disability, or length of time spent unemployed.