Senior Software Engineer (Privacy)

The Wikimedia Foundation is looking for a Senior Software Engineer to join the Product Safety and Integrity team and build new security features to protect Wikipedia and our other projects. This is a very hands-on engineering role, working alongside a team of engineers and product managers to design and implement new features to protect and reassure our users and to ensure the platform remains resilient against attacks.

You are a seasoned software engineer with experience building security features in large-scale systems. You understand the importance of testing and documentation, and common pitfalls in developing secure web applications. You have a passion for the WMF mission. We operate in a highly transparent manner, and the work we do touches thousands of editors every day.

You will be working primarily on our MediaWiki platform which powers Wikipedia. As a top 10 website, we must meet stringent performance standards while addressing new security challenges such as supporting modern authentication technologies, detecting and preventing platform abuse from bots, and planning and rolling out improvements to our security architecture by defending against emerging threats.

You are responsible for:

• Helping design, develop, and deliver security features, with safety and security in mind
• Working with other engineering teams to ensure that they make safe and compliant architectural and implementation choices
• Leading by example in code review, decision-making, and team culture - fostering transparency, empathy, and collaboration
• Developing, reviewing, and deploying security features developed by the Foundation and community members
• Conducting internal and external security and privacy reviews
• Performing maintenance and addressing technical debt in security and privacy-critical components
• Providing support for application security and privacy incidents and operations

Do you have experience in PHP?, We value the right mindset and potential over a checklist of specific experiences, and these are the traits we've identified that make great additions to our team so far.

• 5+ years of experience as a software engineer, ideally with focus on security or privacy
• Ability to work effectively in a modern web application - ours is mostly PHP and JavaScript
• Deep PHP experience isn't required, if you have enough experience in engineering, and back-end web development, to learn it and be useful
• Driving technical quality and operational excellence by defining and reinforcing standards in testing, observability, and system reliability;
• Comfortably and autonomously creating proofs of concept, writing design documents, and breaking down complex projects into actionable tasks to support less experienced team members
• Experience in developing secure software or security and privacy-related product features
• A strong interest in working with a talented security team and learning more specialist security skills such as exploiting and mitigating application-level vulnerabilities
• Ability to explain complex security issues and their implications on privacy and risk to non-technical audiences
• Sensitivity to the security and privacy challenges faced by participants in a large, international project
• Experience working in a remote, distributed team

Additionally, we'd love it if you have:

• Experience working on anti-abuse mechanisms, such as detecting bots or coordinated activity
• Previous experience building security countermeasures against attacks on technologies at the web, backend, and database level
• Experience finding and fixing security bugs and reviewing code for security gaps
• A working knowledge of threat modeling, secure design patterns and privacy by design
• Prior experience with MediaWiki or Wikimedia projects
• Contributions to open-source software

The Wikimedia Foundation is the nonprofit organization that operates Wikipedia and the other Wikimedia free knowledge projects. Our vision is a world in which every single human can freely share in the sum of all knowledge. We believe that everyone has the potential to contribute something to our shared knowledge, and that everyone should be able to access that knowledge freely. We host Wikipedia and the Wikimedia projects, build software experiences for reading, contributing, and sharing Wikimedia content, support the volunteer communities and partners who make Wikimedia possible, and advocate for policies that enable Wikimedia and free knowledge to thrive. The Wikimedia Foundation is a charitable, not-for-profit organization that relies on donations. We receive donations from millions of individuals around the world, with an average donation of about $15. We also receive donations through institutional grants and gifts. The Wikimedia Foundation is a United States 501(c)(3) tax-exempt organization with offices in San Francisco, California, USA. As an equal opportunity employer, the Wikimedia Foundation values having a diverse workforce and continuously strives to maintain an inclusive and equitable workplace. We encourage people with a diverse range of backgrounds to apply. We do not discriminate against any person based upon their race, traits historically associated with race, religion, color, national origin, sex, pregnancy or related medical conditions, parental status, sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, or any other legally protected characteristics. The Wikimedia Foundation is a remote-first organization with staff members including contractors based 40+ countries*. Salaries at the Wikimedia Foundation are set in a way that is competitive, equitable, and consistent with our values and culture. The anticipated annual pay range of this position for applicants based within the United States is US$113,082 to US$175,725 with multiple individualized factors, including cost of living in the location, being the determinants of the offered pay. For applicants located outside of the US, the pay range will be adjusted to the country of hire. We neither ask for nor take into consideration the salary history of applicants. The compensation for a successful applicant will be based on their skills, experience and location. * Please note that we are currently able to hire in the following countries: Australia, Austria, Bangladesh, Belgium, Brazil, Canada, Colombia, Costa Rica, Croatia, Czech Republic, Denmark, Egypt, Estonia, Finland, France, Germany, Ghana, Greece, India, Indonesia, Ireland, Israel, Italy, Kenya, Mexico, Netherlands, Nigeria, Peru, Poland, Singapore, South Africa, Spain, Sweden, Switzerland, Uganda, United Kingdom, United States of America and Uruguay. Our non-US employees are hired through a local third party Employer of Record (EOR). We periodically review this list to streamline to ensure alignment with our hiring requirements.