Senior Software Engineer
Remote
Position Description
Freedom of the Press Foundation (FPF), a nonprofit organization dedicated to protecting, defending, and empowering public interest journalism, is hiring a senior software engineer to join its SecureDrop development team. Reporting to the engineering manager, SecureDrop, this is a unique opportunity to be part of a small, fully remote, and internationally distributed team that is making it possible for newsrooms to manage their most sensitive submissions, from the next big story about abuse of government power to the exposure of corruption at the local level.
This position will work alongside the other five engineers on the team contributing to the project. You can learn more about our team and colleagues here. As a team, we strive to provide an equitable and collaborative environment. We have strong expectations of mutual respect, kindness, and understanding, and we build those expectations into our work through processes like blameless retrospectives. We share responsibilities for tasks and chores like code review and release management, and support each other in learning and professional development goals wherever we can.
About the project
SecureDrop is an open source whistleblower submission system used by journalists to communicate with sources. Through its hardened architecture and the use of the Tor network, it offers whistleblowers strong security and anonymity protections. Used by more than 70 news organizations worldwide, including The New York Times, The Washington Post, The Guardian, and Al Jazeera, SecureDrop is composed of a variety of components:
- SecureDrop Server: an anonymous whistleblowing system, deployed on hardened and Ansible-managed Ubuntu servers, hosting two web applications available as onion services over the Tor Network.
- SecureDrop Workstation: a platform built on top of Qubes OS to make SecureDrop faster and simpler for journalists to use. It consists of multiple GUI applications and services that span across a suite of SaltStack-provisioned, task-specific virtual machines.
- SecureDrop Protocol: an end-to-end protocol designed specifically for whistleblowing systems, and intended for a future reimplementation of SecureDrop Server.
For now, our main focus is on improving and expanding the functionality of SecureDrop Workstation, while maintaining SecureDrop Server. Future plans include a rewrite of the server application, using SecureDrop Protocol, to allow for easier deployments while preserving the security properties of the current system. As part of the team, a successful candidate will have a key role in these efforts.
Responsibilities
- Adding new features to SecureDrop Workstation, such as workflows for redacting and sanitizing documents
- Building out server API functionality to support SecureDrop Workstation development
- Performing code reviews for contributions from the development team and the larger SecureDrop community
- Testing the security properties of current and proposed functionality/architecture using quantitative threat models and other techniques
- Prototyping client-side encryption for journalist and source communication
- Working with external collaborators — for example, UX consultants during development of new features, or researchers studying SecureDrop or other privacy-enhancing technologies
- Taking turns on maintenance and release tasks with the rest of the team
- Other responsibilities as assigned by the engineering manager, SecureDrop
Qualifications
Must Have
- Solid experience in Python or Rust, and experience in one or more of these focus areas:
  - Security-focused application development
  - Desktop GUI development (preferably using Qt or another Linux-compatible framework)
  - DevOps, automation, and release management
  - Design and implementation of secure communication protocols
- 5-plus years of experience as a software engineer in a production environment, or equivalent experience
- Experience with Git, continuous integration, build automation, and test-driven development
- Experience working as part of collaborative team processes, including routine peer review of code contributions
- A passion for protecting the press freedom rights of all
Preferred
- Threat modeling, penetration testing, vulnerability management, and incident response
- Qubes, Tails, Tor, and other privacy/security technologies
- Creating design specifications and building consensus through clear verbal and written communication within a distributed engineering team
- Experience developing technologies to support activist, journalist, or civil society communities
Working with us
This is a full-time role with a competitive nonprofit salary in the range of $110,000-120,000, depending on experience. This position is available to all U.S.-based remote candidates. For more information on our full benefits package, please visit our website’s careers page. If you are not based in the United States but are interested in contributing to our SecureDrop project on a contract basis, please submit an application and, in lieu of a cover letter, include a document that briefly outlines how you believe you could contribute to the project in a consultant capacity.
FPF does not discriminate on the basis of an individual’s sex, age, race, color, creed, national origin, alienage, religion, marital status, pregnancy, sexual or reproductive health decisions, sexual orientation or affectional preference, gender identity and expression, disability, genetic trait or predisposition, carrier status, citizenship, veteran or military status, and other personal characteristics protected by law.
How to apply
If you think you’d like to be a part of our team, please submit your résumé and a cover letter (no longer than one page). Women, nonbinary individuals, and minorities are especially encouraged to apply.
After an initial application review, FPF’s hiring process involves a phone screening and an at-home test. For candidates moving to the final stages, a teamwide panel and a final meeting with our executive director will follow.