The Mom Project Hiring for Software Engineer (100% Remote) Job at San Francisco, CA Full Time

Our client, a nonprofit organization dedicated to protecting and defending public interest journalism, has multiple openings for Systems/Software Engineers to join the (fully-remote) SecureDrop team.

About SecureDrop

SecureDrop is an open-source whistleblower submission system used by journalists to communicate with sources. Through its hardened architecture and the use of the Tor network, it offers whistleblowers strong security and anonymity protections. SecureDrop is used by more than 70 news organizations worldwide, including The New York Times, The Washington Post, The Guardian, and The Intercept.

What we’re looking for:
We are looking for engineers that will work on SecureDrop’s two main components:

SecureDrop Server: a whistleblowing system deployed on hardened Ansible-managed Ubuntu servers, hosting two Python web applications available as onion services over the Tor Network.

SecureDrop Workstation (Beta): a platform built on top of Qubes OS to make SecureDrop faster and simpler for journalists to use. It consists of multiple Python GUI applications and services that span across a suite of SaltStack-provisioned, task-specific virtual machines. This is close to ready for wider production use as we near the end of our pilot program.

We’re especially looking for folks with experience in one or more of these areas:

Python application development in security-sensitive domains

Desktop GUI development (preferably using Qt or another Linux-compatible framework)

Configuration management using Salt or Ansible

Reproducible builds using Debian-based package management

Experience in any of these areas is a huge plus:
Threat modeling, penetration testing, vulnerability management, and incident response

Development or integration of cryptographic libraries

Qubes, Tails, Tor, and other privacy/security technologies

Use of Rust, for personal projects or real-world applications

Creating design specifications and building consensus through clear verbal and written communication within a distributed engineering team

Complex continuous integration pipelines, including use of nested virtualization

The exciting stuff you get to work on:
Adding new features to SecureDrop Workstation, such as workflows for redacting and sanitizing documents

Building out server API functionality to support SecureDrop Workstation development

Performing code reviews for contributions from the development team and the larger SecureDrop community

Performing security reviews of updated upstream code dependencies

Testing the security properties of current and proposed functionality/architecture using quantitative threat models and other techniques

Prototyping client-side encryption for journalist and source communication

Working with security consultants during penetration testing and audits of SecureDrop Server and Workstation

What it’s like to work with us

This is a unique opportunity to be part of a small, fully-remote, and internationally-distributed team that is making it possible for newsrooms to manage their most sensitive submissions, from the next big story about abuse of government power to the exposure of corruption at the local level.

This is a full-time role at a competitive non-profit salary. For US employees: FPF provides health, dental and vision insurance (via Aetna); 20 days of personal time off and 13 holidays; up to 12 weeks of paid paternity/maternity leave; and a 401(k) program. Freedom of the Press Foundation matches your 401(k) contributions dollar for dollar, up to 4 percent of your gross salary