Avaaz reaches tens of millions of citizens every week with opportunities to change the world. This includes protecting our planet from climate change and other threats, fighting to stop social media from undermining our democracies, and deepening human connection.
Our tech and security needs are growing, and we’re now looking for a Senior Security Engineer to join our tight-knit group of outstanding professionals, working from home in 25 countries. If you’re up for an adventure, read on…
Some of the things we’ve been working on are...
- A system for citizens to report disinformation ahead of the EU and US elections
Reporting on how YouTube’s recommendation algorithm promotes climate denial
- Connecting citizens stuck at home during the coronavirus pandemic
- Providing our campaigns team with detailed statistics to measure campaign success
Improving our architecture and modernizing our legacy software stack.
The Senior Security Engineer will be part of the security team that has responsibility for all security aspects of the organization’s technology, systems, communications, and staff. We are seeking a candidate with a strong technical background, hands-on experience implementing security across the full breadth of our technology stack, and a strong ability to provide balanced and actionable security solutions for Avaaz.
Specific responsibilities include:
- Design, implement and build security solutions across all technology that Avaaz runs.
- Identify and apply relevant security best practices across Avaaz applications and infrastructure.
Provide continued compliance of the organization with applicable security and data protection standards (e.g. GDPR, PCI).
- Provide security advice on proposed new technologies, projects and campaigns.
- Perform security monitoring/operations tasks and incident response.
- Identify new security solutions and tools to improve Avaaz security.
- Lead staff security education and security awareness training and campaigns.
Required skills and experience:
- Extensive experience implementing and securing Amazon AWS and Google Cloud Platform
- In-depth knowledge of secure network, systems, and application design and architecture
- Experience with infrastructure as code (Ansible/Puppet/Chef/others).
- Strong Python and shell scripting skills, primarily with the focus of implementing security solutions and automating security processes.
- Strong knowledge of how cloud-hosted modern web applications are designed, built, deployed, and secured.
- Ability to lead investigations and responses to major security incidents and issues.
- Fluency in English.
Desired skills and experience:
- Solid understanding of zero trust network/BeyondCorp principles and designing security solutions that follow those principles.
Experience in a range of application security best practices (common vulnerabilities and countermeasures, secure coding approaches, secure application architectures, threat modeling, static analysis, etc.).
- Knowledge of macOS and Linux security hardening/monitoring techniques
- Experience in configuration of computers and mobile devices. In particular, strong macOS, Android and iPhone management, security and troubleshooting experience.
- Experience implementing security tools related to enterprise log management, IPS/IDS, anti-virus, firewalls, proxies, WAF and SIEM solutions.
Avaaz is a movement that brings together 55 million citizens from across the world, with a mission to help solve some of the world’s biggest problems. Its entire budget comes from small citizen donations, meaning Avaaz is independent and able to take on organisations such as Facebook, Monsanto and the Murdoch media which many other groups cannot.
Avaaz is a fully virtual organisation, coordinating work using email, Skype and other tools. Our staff are based all over the world. Applicants from any timezone may apply. Avaaz will support you to set up a home or co-working environment that leads to excellence in delivery and long-term sustainability.
Compensation and Benefits
Compensation varies with location and experience, but is highly competitive with leading nongovernmental organisations. Benefits also range with location, but include 5 weeks paid vacation per year (prorated as applicable).