Staff Software Security Engineer (PHP) at Wikimedia Foundation

Location: Remote

Summary

The Wikimedia Foundation is looking for a Staff Security Software Engineer to join the Product Security team to build new security technologies to protect Wikipedia and our other projects. This is a very hands-on engineering role working alongside our other security team members to design and code new features to protect and reassure our users and to ensure the platform remains resilient against attacks.

You are a smart developer with experience building security features in large-scale systems. You understand the importance of testing and documentation, and common pitfalls in developing secure web applications. You have a passion for the WMF mission. We do (almost) everything publicly and the work we do touches thousands of editors every day.

You will be working primarily on our MediaWiki platform, which powers Wikipedia. As a top 10 website, we must meet stringent performance standards while addressing new security challenges such as supporting modern authentication technologies, detecting and preventing platform abuse from bots, and planning and rolling out improvements to our security architecture by defending against emerging security threats.

You are responsible for:

- Help design and build MediaWiki security capabilities.
- Mentor and lead a security development team.
- Review and deploy security features developed by the Foundation and community members.
- Work with other development teams to ensure that they make safe architectural and implementation choices.
- Perform security maintenance and address technical debt in security-critical components.
- Provide support for application security incidents and operations.

Skills and Experience:

The right person is better than the right set of experiences. These are the traits we’ve identified that make great additions to our team so far.

- 8+ years of experience in the software engineering area with a focus on security.
- Ability to work effectively in a modern, object-oriented PHP code-base.
- Experience developing client-side JavaScript.
- Experience in developing secure software or security-related product features.
- A strong interest in working with a talented security team and learning more specialist security skills such as exploiting and mitigating application-level vulnerabilities.
- Patience in explaining security issues and their implications on privacy and risk to non-technical audiences.
- Sensitivity to the security challenges faced by participants in a large, international project.
- Experience using Linux at the command line for tasks related to web application development and deployment.
- Ability to maintain focus when working remotely.

Additionally, we’d love it if you have:

- Experience working on anti-abuse mechanisms such as CAPTCHA and bot detection.
- Previous experience building security countermeasures against attacks on technologies at the web, backend, and database level.
- Experience finding and fixing security bugs and reviewing code for security gaps.
- A working knowledge of threat modeling and secure design patterns.

About the Wikimedia Foundation

The Wikimedia Foundation is the nonprofit organization that operates Wikipedia and the other Wikimedia free knowledge projects. Our vision is a world in which every single human can freely share in the sum of all knowledge. We believe that everyone has the potential to contribute something to our shared knowledge, and that everyone should be able to access that knowledge freely. We host Wikipedia and the Wikimedia projects, build software experiences for reading, contributing, and sharing Wikimedia content, support the volunteer communities and partners who make Wikimedia possible, and advocate for policies that enable Wikimedia and free knowledge to thrive.

The Wikimedia Foundation is a charitable, not-for-profit organization that relies on donations. We receive donations from millions of individuals around the world, with an average donation of about $15. We also receive donations through institutional grants and gifts. The Wikimedia Foundation is a United States 501(c)(3) tax-exempt organization with offices in San Francisco, California, USA.

As an equal opportunity employer, the Wikimedia Foundation values having a diverse workforce and continuously strives to maintain an inclusive and equitable workplace. We encourage people with a diverse range of backgrounds to apply. We do not discriminate against any person based upon their race, traits historically associated with race, religion, color, national origin, sex, pregnancy or related medical conditions, parental status, sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, or any other legally protected characteristics.

The Wikimedia Foundation is a remote-first organization with staff members, including contractors, based in 40+ countries.*

Salaries at the Wikimedia Foundation are set in a way that is competitive, equitable, and consistent with our values and culture. The anticipated annual pay range of this position for applicants based within the United States is US$129,347 to US$200,823 with multiple individualized factors, including cost of living in the location, being the determinants of the offered pay. For applicants located outside of the US, the pay range will be adjusted to the country of hire. We neither ask for nor take into consideration the salary history of applicants. The compensation for a successful applicant will be based on their skills, experience and location.

*Please note that we are currently able to hire in the following countries:

Australia, Austria, Bangladesh, Belgium, Brazil, Canada, Colombia, Costa Rica, Croatia, Czech Republic, Denmark, Egypt, Estonia, Finland, France, Germany, Ghana, Greece, India, Indonesia, Ireland, Israel, Italy, Kenya, Mexico, Netherlands, Nigeria, Peru, Poland, Singapore, South Africa, Spain, Sweden, Switzerland, Uganda, United Arab Emirates, United Kingdom, United States of America and Uruguay. Our non-US employees are hired through a local third party Employer of Record (EOR).

We periodically review and streamline this list to ensure alignment with our hiring requirements.

All applicants can reach out to their recruiter to understand more about the specific pay range for their location during the interview process.

If you are a qualified applicant requiring assistance or an accommodation to complete any step of the application process due to a disability, you may contact us at [email protected] or +1 (415) 839-6885.