Senior Application Security Engineer
at Wikimedia Foundation
Berlin, Berlin, Germany -
Start Date | Expiry Date | Salary | Posted On | Experience | Skills | Telecommute | Sponsor Visa |
---|---|---|---|---|---|---|---|
Immediate | 06 Nov, 2024 | USD 109047 Annual | 08 Aug, 2024 | 5 year(s) or above | Color,Eor,Web Application Security,Encryption,Linux,Contractors,Denmark,Consideration,Costa Rica,Web Application Development,Manual Testing,Javascript,Bangladesh,Sensitivity,Cryptography | No | No |
Required Visa Status:
Citizen | GC |
US Citizen | Student Visa |
H1B | CPT |
OPT | H4 Spouse of H1B |
GC Green Card |
Employment Type:
Full Time | Part Time |
Permanent | Independent - 1099 |
Contract – W2 | C2H Independent |
C2H W2 | Contract – Corp 2 Corp |
Contract to Hire – Corp 2 Corp |
Description:
SUMMARY
The Wikimedia Foundation is looking for an Application Security Engineer to join the Security team working to help protect Wikipedia and our other projects. You’ll be working with other developers and security engineers to create new security features, review the security of other people’s code, and help find and fix security bugs before they’re exploited.
YOU ARE …a smart security practitioner with experience building and auditing security features in large-scale systems. You understand the importance of testing and documentation, and common pitfalls in developing secure web applications. You must have a passion for the WMF mission. We do (almost) everything publicly, and volunteers can add arbitrary JavaScript to our site.
You will be working primarily on our MediaWiki platform which powers Wikipedia. As a top 10 website, we must meet stringent performance standards while addressing new security challenges such as supporting modern authentication technologies, detecting and preventing platform abuse from bots, and planning and rolling out improvements to our security architecture by defending against emerging security threats.
SKILLS AND EXPERIENCE:
- +5 years of application security experience, including a thorough understanding of issues documented in the OWASP Top Ten and CWE Top 25
- Strong understanding of modern, object-oriented PHP development
- In-depth experience developing or auditing client-side JavaScript
- Demonstrated ability to exploit and mitigate application-level vulnerabilities
- Experience conducting software security reviews using a combination of source code inspection, manual testing, and automated scanning
- Sensitivity to the security challenges faced by participants in a large, international project
- Strong understanding of cryptography as applied to web application security (encryption, hashing, PKI management), including analysis and implementation
- Experience using Linux at the command line for tasks related to web application development and deployment
Responsibilities:
- Triage and remediate reported security issues
- Review and deploy features developed by the Foundation and community members
- Work with other development teams to ensure that they make safe architectural and implementation choices
- Constantly poke and abuse our software to find bugs before attackers do
- Provide application security concept reviews and help socialize application security best practice
- Provide support for application security incidents and operations
REQUIREMENT SUMMARY
Min:5.0Max:10.0 year(s)
Information Technology/IT
IT Software - Network Administration / Security
Software Engineering
Graduate
Proficient
1
Berlin, Germany