The Wikimedia Foundation
The Wikimedia Foundation is the nonprofit organization that operates Wikipedia and the other Wikimedia free knowledge projects. Our vision is a world in which every single human can freely share in the sum of all knowledge. We believe that everyone has the potential to contribute something to our shared knowledge, and that everyone should be able to access that knowledge freely.
Responsibilities
- Helping design, develop, and deliver security features, with safety and security in mind
- Working with other engineering teams to ensure that they make safe and compliant architectural and implementation choices
- Leading by example in code review, decision-making, and team culture — fostering transparency, empathy, and collaboration
- Developing, reviewing, and deploying security features developed by the Foundation and community members
- Conducting internal and external security and privacy reviews
- Performing maintenance and addressing technical debt in security and privacy-critical components
- Providing support for application security and privacy incidents and operations
Requirements
- 5+ years of experience as a software engineer, ideally with focus on security or privacy
- Ability to work effectively in a modern web application — our stack is mostly PHP and JavaScript
- Driving technical quality and operational excellence by defining and reinforcing standards in testing, observability, and system reliability
- Comfortably and autonomously creating proofs of concept, writing design documents, and breaking down complex projects into actionable tasks to support less experienced team members
- Experience in developing secure software or security and privacy-related product features
- A strong interest in working with a talented security team and learning more specialist security skills such as exploiting and mitigating application-level vulnerabilities
- Ability to explain complex security issues and their implications on privacy and risk to non-technical audiences
- Sensitivity to the security and privacy challenges faced by participants in a large, international project
- Experience working in a remote, distributed team
Nice to Have
- Experience working on anti-abuse mechanisms, such as detecting bots or coordinated activity
- Previous experience building security countermeasures against attacks on technologies at the web, backend, and database level
- Experience finding and fixing security bugs and reviewing code for security gaps
- A working knowledge of threat modeling, secure design patterns and privacy by design
- Prior experience with MediaWiki or Wikimedia projects
- Contributions to open-source software