Freedom of the Press Foundation (FPF), a San Francisco and New York-based nonprofit organization dedicated to protecting and defending public interest journalism, is looking for a Senior Software Engineer to join the SecureDrop development team.

About SecureDrop

SecureDrop is an open-source whistleblower submission system used by journalists to communicate with sources. Through its hardened architecture and the use of the Tor network, it offers whistleblowers strong security and anonymity protections. SecureDrop is used by more than 60 news organizations worldwide, including The New York Times, The Washington Post, The Guardian, Associated Press, and The Intercept.
About this position

As Senior Software Engineer, you will be part of the SecureDrop core development team. You will be responsible for development tasks related to the current SecureDrop server and Tails OS workstation code, as well as the next-generation SecureDrop Workstation based on Qubes OS.

You will also participate in internal code review and facilitate external security audits of the application code. On occasion, you will advise and assist news organizations with the installation, setup and maintenance of SecureDrop in their newsrooms.

In addition to the possibility of working in our New York City or San Francisco offices, this position is open to remote work from anywhere in the world.

Skills and Experience

Required:

• 5+ years of experience as a software engineer in a demanding production environment
• 4+ years experience with Python development, and familiarity with at least one common Python web framework (Flask, Django, etc.)
• Experience with Git, continuous integration, and build automation
• Experience writing unit and integration tests
• Experience conducting security reviews and testing web applications for vulnerabilities
• Experience working as part of collaborative team processes, including routine peer review of code contributions

• Passion for writing free software to solve real world problems

Great to have:

• Experience integrating, developing or maintaining cryptographic libraries and components
• Experience with threat modeling, penetration testing, vulnerability management, incident response and security assessments (ideally as part of a Secure Software Development Lifecycle Process)
• Experience with Ansible, Salt, or other configuration management tools
• Experience with common virtualization techniques (e.g., Xen, KVM)
• Track record of contributions to free/libre and open source software (FLOSS) projects

What you’ll be working on

Here are examples for the kinds of tasks the person in this role could be taking on in the first 6 months:

• Performing code reviews for contributions from the SecureDrop core development team and the larger SecureDrop community
• Applying and maintaining quantitative threat models to assess the security properties of current and proposed functionality/architecture
• Leading development of an administration interface for SecureDrop settings that are currently managed on the command line
• Implementing new features for the new Qubes OS-based SecureDrop Workstation, such as tools for submission metadata inspection and removal
• Prototyping client-side encryption for journalist and source communication
• Extending API functionality to enable new features for the upcoming SecureDrop Qt-based journalist GUI
• Partnering with security consultants for penetration testing and audits of the SecureDrop architecture
• Leading migration of SecureDrop’s onion services to the latest version (v3)

Working with us

This is a unique opportunity to be part of a small team that is making it possible for newsrooms to manage their most sensitive submissions, from the next big story about abuse of government power to the exposure of corruption at the local level. Three engineers are currently working on SecureDrop full-time: Lead Developer Jennifer Helsby, Newsroom Support Engineer Kevin O’Gorman and Software Engineer Kushal Das.

If you’d like to be a part of our team, please send a short cover letter and your resume via email (see the original post for the address) by November 27, 2018. Please include links to your prior technical work where appropriate. Non-binary individuals, women and minorities are strongly encouraged to apply.

Benefits of the job include a competitive nonprofit salary, health (United Healthcare Select Plus) and dental insurance, 20 days of personal time off, 13 paid holidays plus the week between Christmas and New Year’s Day, 401(k) program with employer match, and commuter benefits. We are happy to answer any questions about these benefits. We value work-life balance, and we try to foster a kind, inclusive and collaborative culture.