Security Developer (Python)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Security Developer (Python): Driving vulnerability remediation and malware mitigation for the Python ecosystem with an accent on supply-chain security and infrastructure maintenance. Focus on scaling response capacity, developing secure development practices, and collaborating with the core team to document threat models.
Location: Global remote. Regular collaboration with US timezones is required.
Compensation: $70,000–$170,000 (based on experience and local norms).
Company
The is a US-based non-profit organization dedicated to supporting the Python programming language and its global community.
What you will do
- Triage and remediate vulnerabilities in CPython and related projects.
- Mitigate malware and supply-chain attacks on the Python Package Index (PyPI).
- Maintain and operate security infrastructure, including CVE numbering and OSS-Fuzz tools.
- Develop and refine workflows to scale security response capabilities.
- Document security and threat models for the language and standard library.
- Communicate security metrics and impact to the public and community.
Requirements
- 3-5 years of experience with Python or C programming.
- Knowledge of vulnerabilities in C, specifically memory safety issues.
- Strong asynchronous and written communication skills.
- Ability to manage and prioritize multiple concurrent threads of work.
- Must be able to collaborate regularly within US timezones.
Nice to have
- Experience with secure development practices for Python and C.
- Background in vulnerability disclosure, CVE processes, and threat modeling.
- Familiarity with fuzz-testing, address sanitizers, and memory sanitizers.
- Experience working within open source projects and communities.
Culture & Benefits
- Opportunity to contribute to the core of the Python language.
- Flexible work environment within a small, supportive team.
- Annual travel to PyCon US.
- US employees are eligible for healthcare and other standard benefits.
- Commitment to a safe, inclusive, and diverse global community.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →