PyPI Safety & Security Engineer

The Python Software Foundation (PSF) is hiring for a full-time PyPI Safety & Security Engineer, reporting to the PSF Director of Infrastructure.

Role description

In support of The PSF’s mission, we are hiring for an engineering role that will focus on improving the safety and security of the Python Package index. This role will have shared ownership of key security & safety features with senior maintainers.

As the PyPI Safety & Security Engineer, you will work full time on the Python Package Index and related supporting projects to propose, design, develop, test and deploy changes that improve end-user safety and security. Additionally, you will perform sensitive and/or high-access tasks such as account recovery, malware review, and other tasks critical to ensuring PyPI remains a safe and secure service for its users. 

As an externally funded role, the term for this position will initially be one year with the possibility of extension based on available funding or renewals of funding.

Responsibilities

• Develop and initiate a roadmap for PyPI security improvements and make progress against resulting security improvement milestones.
• Increase assistance for package maintainers, including improving documentation of security features and help recovering from security incidents
• Create infrastructure and additional permissioning to more robustly enable multi-maintainer projects
• Design an internal mechanism for triaging security incident responses with escalation policies.
• Collect and track malware response times. Lead efforts to reduce resolution time.
• Review and improve procedures and processes for account verification and recovery.
• Collect and track response time for recovery requests. Lead effort to reduce resolution time.
• Work with volunteers and PSF staff to implement key improvements to PyPI and related open-source projects in a timely manner
• Formalize existing security practices and help PyPI end-users become more proactive with regards to security improvements
• Establish new processes and features that make it easier to prevent, detect, and respond to security risks, to make it easier and more sustainable for the community to identify and address security issues going forward
• Advocate for security improvements and best practices in the Python packaging community
• Establishing a security metric to demonstrate sustained and renewable impact
• Participation in relevant working groups and meetings to help share lessons and challenges

Minimum Qualifications

• Experience with Python and software security
• Experience collaborating and communicating in open source communities
• Experience managing software development projects from beginning to end 
• Excellent communication and documentation skills

Preferred Qualifications

• Experience with open source software development and open source tools and best practices, as a contributor and/or as a maintainer.
• Experience gathering feedback and requirements from users and colleagues
• Knowledge of security engineering, user security and safety, incident response handling.

Details

Applicants from around the world are welcome for this remote position. If the applicant is based outside the USA, the PSF would offer an independent contractor role, structured with autonomy to meet agreed goals of the position in the manner you determine; income may be subject to US income tax. If the applicant is within the USA, the PSF would offer a full-time employee role with compensation including salary, 401K, as well as health (full premium paid by the PSF), dental, and vision insurance and paid time off. Total compensation will range from $100k-$150k USD based on qualifications and experience.

This position will report to the Director of Infrastructure. Some recurring availability within the US Eastern/Central time zone will be necessary for check-ins and reporting.

Apply

The call for resumes will be open until June 1, 2023. To apply please submit your cover letter, resume, and contact information via the form on this page.

The Python Software Foundation is a US 501(c)(3) non-profit corporation that holds the intellectual property rights behind the Python programming language. We also run the PyCon US conference annually, support other Python conferences/workshops around the world, and fund Python-related development with our grants program. To see more info about the PSF, check out our Annual Impact Report and public records.

We believe that the future of open source must include everyone. We welcome all job-seekers regardless of race, color, ethnicity, religion, age, sexual orientation, gender identity or expression, national origin, physical appearance, body size, socio-economic, veteran or disability status. Python is a global community and the PSF aims to support a safe environment for all. More information can be found on our Code of Conduct page.

The Python Software Foundation is a US 501(c)(3) non-profit corporation that holds the intellectual property rights behind the Python programming language. We also run the PyCon US conference annually, support other Python conferences/workshops around the world, and fund Python-related development with our grants program. To see more info about the PSF, check out our Annual Impact Report and public records.

We believe that the future of open source must include everyone. We welcome all job-seekers regardless of race, color, ethnicity, religion, age, sexual orientation, gender identity or expression, national origin, physical appearance, body size, socio-economic, veteran or disability status. Python is a global community and the PSF aims to support a safe environment for all. More information can be found on our Code of Conduct page.

Desired Skills

• Security

Contact Info

• Company Website: https://www.python.org/psf/mission/