In support of The PSF’s mission, we are hiring for an engineering role that will focus on improving the safety and security of the Python Package index. This role will have shared ownership of key security & safety features with senior maintainers.
As the PyPI Safety & Security Engineer, you will work full time on the Python Package Index and related supporting projects to propose, design, develop, test and deploy changes that improve end-user safety and security. Additionally, you will perform sensitive and/or high-access tasks such as account recovery, malware review, and other tasks critical to ensuring PyPI remains a safe and secure service for its users.
As an externally funded role, the term for this position will initially be one year with the possibility of extension based on available funding or renewals of funding.
- Develop and initiate a roadmap for PyPI security improvements and make progress against resulting security improvement milestones.
- Increase assistance for package maintainers, including improving documentation of security features and help recovering from security incidents
- Create infrastructure and additional permissioning to more robustly enable multi-maintainer projects
- Design an internal mechanism for triaging security incident responses with escalation policies.
- Collect and track malware response times. Lead efforts to reduce resolution time.
- Review and improve procedures and processes for account verification and recovery.
- Collect and track response time for recovery requests. Lead effort to reduce resolution time.
- Work with volunteers and PSF staff to implement key improvements to PyPI and related open-source projects in a timely manner
- Formalize existing security practices and help PyPI end-users become more proactive with regards to security improvements
- Establish new processes and features that make it easier to prevent, detect, and respond to security risks, to make it easier and more sustainable for the community to identify and address security issues going forward
- Advocate for security improvements and best practices in the Python packaging community
- Establishing a security metric to demonstrate sustained and renewable impact
- Participation in relevant working groups and meetings to help share lessons and challenges
- Experience with Python and software security
- Experience collaborating and communicating in open source communities
- Experience managing software development projects from beginning to end
- Excellent communication and documentation skills
- Experience with open source software development and open source tools and best practices, as a contributor and/or as a maintainer
- Experience gathering feedback and requirements from users and colleagues
- Knowledge of security engineering, user security and safety, incident response handling
The call for resumes will be open until June 1, 2023. Please apply on our jobs site.
Python.org Jobs Feed