Senior/Staff Security Engineer

San Francisco, USA or Victoria, Canada or Paris, France
Engineering – Engineering
Employee - FT
Change.org is seeking a Senior or Staff Security Engineer who will be part of the team responsible for the security of our global infrastructure and applications. As a member of our team, you’ll ensure that activists all over the world can securely participate in Change.org actions and truly help make a positive impact on the world. We’re facing exponential growth, which necessitates interesting security projects such as bot detection, access control, and data protection. In this role you’ll work primarily on application and cloud security, collaborate with IT on endpoint security and staff protection, define our incident response procedures, and foster a culture of security across the organization. The security and privacy of our employees and users are paramount, and you will help achieve it.

This position reports to the Director of Engineering who oversees infrastructure, security, and site integrity. The ideal candidate has experience with application, cloud, and endpoint security, and is comfortable at several different levels of engagement, whether it’s collaboration with application and infrastructure engineers or IT, working with vendors, or direct participation in implementation.

A Senior Security Engineer at Change is someone who can work effectively at scale, manages their own priorities and makes appropriate progress with minimal supervision. Typically, Senior Security Engineers have 4-5 years of relevant engineering experience as well as a mastery of one skill, such as penetration testing, application or cloud security, or security monitoring and response.

A Staff Security Engineer at Change is not only able to work effectively and efficiently at scale, but they also set direction and priorities for a small number of adjacent engineers. 

When we get busy, it’s likely that we’re making headline news somewhere. It is a distinct pleasure to know we are providing a safe site that is empowering people all over the world. Our team takes great pride in using our powers for good.

As a member of the team you will:

    • Influence our overall security roadmap
    • Collaborate with engineering teams in building out a secure global service-oriented architecture
    • Schedule and execute automated security audits on applications and infrastructure
    • Manage penetration tests for applications and services
    • Setup security monitoring and participate in security-related incident response
    • Document current and future security procedures and policies
    • Remediate and write post-mortem reports on security-related issues
    • Be actively involved in design, implementation, and maintenance of application, cloud, and endpoint security
    • Manage and deliver staff protection policies
    • Train and socialize security best practices across the company
    • On-call duties for rare instances such as alarms for security breaches or staff protection issues 

    • We’re happy to help you learn what you need to know; we encourage and support each other’s growth and we are open to any candidate with expertise across these areas.

This describes you:

    • 4+ years of experience with various web application security frameworks and tools
    • 2+ years of experience with security penetration testing
    • You have experience in Linux/UNIX systems engineering and administration
    • You are familiar with cloud platforms such as AWS or Google Cloud
    • You can jump into less than ideal situations and make things better
    • You are comfortable developing and delivering training to both technical and non-technical audiences
    • Ability to work in a proactive manner and manage your own queue
    • Ability to travel as required

Nice to have skills:

    • Experience with SOC-2 or other compliance frameworks
    • Experience with data privacy requirements
    • Proficient in shell scripting and either Ruby or Python
    • Automation experience with configuration management tools such as Chef, Ansible, or Puppet
Location: Victoria, BC, Canada (preferred); San Francisco, CA; Paris, France

Change.org is committed to being a diverse and inclusive workplace. We strongly encourage applicants of different backgrounds, cultures, genders, experiences, abilities and perspectives to apply.

All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sexual orientation, gender, gender identity, age, physical disability, or length of time spent unemployed.