Security Developer, Type of Position: Full-Time, 8 months Contract
WHO WE ARE
Anytime, Anywhere, Any Computer Access. At Raising the Floor, weÃ¢ÂÂre an international coalition of individuals and organizations dedicated to ensuring that the Internet, and everything available through it, is accessible to people with accessibility barriers due to disability, literacy, digital literacy, or aging, and regardless of their economic resources. Our vision is to revolutionize the landscape of assistive technology by creating an infrastructure to facilitate the development, distribution, and support of a wide range of affordable accessibility solutions around the world. That is, the Global Public Inclusive Infrastructure (GPII).
You will help a team of bright and talented developers located across continents who are passionate about our vision, that of radically improving the access to technology. How? By helping to develop associated system that supports the Ã¢ÂÂportabilityÃ¢ÂÂ of user preferences across any platform or device -- that makes it easier for anyone to be able to have the technology they encounter automatically change into a form they can understand and use.
WHAT WILL YOU DO
- Work with the development team to secure the Global Public Inclusive Infrastructure (GPII) application and architecture against attacks and intrusion.
- Advise on regulations and laws that GPII needs to comply with, including a specific list of concrete technologies and processes that need to be implemented in different scenarios where the GPII applications will be used with (public cloud, on premises servers, etc.) so the application is compliant.
- Identify common threats that the GPII may be vulnerable to, assessing the extent to which we have strategies for protecting against them, and devising and co-implementing an architecture for protecting against those issues that we donÃ¢ÂÂt currently address, e.g., credentials theft, etc.
- Work with the infrastructure team to set up an automated, periodic security audit system using a security scanner/reporting tool (e.g. Nessus, Metasploit, etc) and expose / synthesize results.
WHAT WE ARE LOOKING FOR
- 10+ years experience implementing code for secure web-based authorization flows, especially including, but not limited to OAuth 2.
- Experience developing (and preferably also securing) Node.js applications.
- Experience in securing communications at the transport level, including securing TLS negotiation, certificate management and DNSSec.
- Familiar with the underlying algorithms and libraries which are invoked during the process of setting up a secure connection to an HTTPS server, and how this process may be subverted, and be able to set up test fixtures which probe an installation for vulnerabilities in this area (either by writing code or by configuring a prebuilt toolkit).
- Knowledge and experience deploying, maintaining, and using security scanning/reporting software (e.g. Nessus, Metasploit, arachni, w3af, etc.), including using fuzzing techniques.
- Experience securing applications on multiple operating systems including Windows, Linux and Mac.
- Experience working in and submitting pull requests to open source projects, applying software development methodologies and strategies appropriate to open source collaboration.
- Experience writing comprehensive unit and acceptance tests for all aspects of the developed
Raising the Floor - US Inc, an equal opportunity/affirmative action employer, complies with all applicable US federal and state laws and regulations regarding nondiscrimination and affirmative action; all qualified applicants will receive consideration for employment. Raising the Floor - US is committed to a policy of equal opportunity for all persons and does not discriminate on the basis of race, color, religion, sex, national origin, physical or mental disability, protected veteran status, age, gender identity or expression, sexual orientation, creed, marital status, political affiliation, personal appearance, or on the basis of rights secured by the First Amendment, in all aspects of employment.
To apply: Send resume or CV to email@example.com