Security Engineer (Remote) at Avaaz

Avaaz reaches tens of millions of citizens every week with opportunities to change the world. This includes protecting our planet from climate change and other threats, fighting to stop social media from undermining our democracies, and deepening human connection. 
Our tech and security needs are growing, and we’re now looking for a Security Engineer to join our tight-knit group of outstanding professionals, working from home in 25 countries. If you’re up for an adventure, read on…
Some of the things we’ve been working on are...
  • A system for citizens to report disinformation ahead of the EU and US elections
  • Reporting on how YouTube’s recommendation algorithm promotes climate denial
  • Connecting citizens stuck at home during the coronavirus pandemic
  • Providing our campaigns team with detailed statistics to measure campaign success
  • Improving our architecture and modernizing our legacy software stack.
The Security Engineer will be part of a team that has responsibility for all security aspects of the organization’s technology, systems, communications, and staff. We are seeking a candidate with a strong technical background, hands-on experience implementing security across the full breadth of the technology stack and a strong ability to provide balanced and actionable security solutions for Avaaz. Specific responsibilities include:
  • Design and implement security solutions across all technology that Avaaz runs.
  • Align security of Avaaz applications and infrastructure to security best practices.
  • Provide continued compliance of the organization with applicable security and data protection standards (e.g. GDPR).
  • Provide security advice on proposed new technologies, projects and campaigns.
  • Perform security monitoring/operations tasks and incident response.
  • Identify new security solutions and tools to improve Avaaz security.
  • Assist in user security education and security awareness training and campaigns.

Required
  • Familiarity and solid knowledge of how cloud-hosted modern web applications are designed, built and deployed. In particular, design-level and hands-on implementation experience with AWS and GCP.
  • Experience in designing and implementing solutions to protect applications, networks and infrastructure from threats.
  • Strong Python and shell scripting skills, primarily with the focus of implementing security solutions and automating security processes.
  • Solid understanding of zero trust network/BeyondCorp principles and designing security solutions that follow those principles.
  • Ability to look at a new technology or project and then quickly apply security principles/best practices to make prioritised recommendations to secure the technology/project
  • Highly flexible with rapidly-shifting needs and priorities
  • Delivery-oriented with high attention to detail and without paralyzing perfectionism
  • Ability to deliver complex technical subjects to technical and non-technical audiences.
Desired
  • Experience performing security monitoring/operations (SIEM, WAF, IDS, log analysis, etc.)
  • Broad application security exposure (across secure coding and architecture, common application security vulnerabilities, threat modeling, and/or vulnerability management)
  • Familiarity identifying and deploying technologies that enable secure online communications.
  • Experience in providing security advice/consulting for technology projects (either internal or external to an organisation)
  • Experience in security configuration of computers and mobile devices. In particular, strong macOS, Android and iPhone management, security and troubleshooting experience.
  • Exposure to security incident response processes and execution.
  • Experience in engaging and managing external vendors to conduct security testing and managing remediation of vulnerabilities.

About Avaaz
Avaaz is a movement that brings together 55 million citizens from across the world, with a mission to help solve some of the world’s biggest problems. Its entire budget comes from small citizen donations, meaning Avaaz is independent and able to take on organisations such as Facebook, Monsanto and the Murdoch media which many other groups cannot. 
Location
Avaaz is a fully virtual organisation, coordinating work using email, Skype and other tools. Our staff are based all over the world. Applicants from any timezone may apply. Avaaz will support you to set up a home or co-working environment that leads to excellence in delivery and long-term sustainability.
Compensation and Benefits
Compensation varies with location and experience, but is highly competitive with leading nongovernmental organisations. Benefits also range with location, but include 5 weeks paid vacation per year (prorated as applicable).