Python Software Foundation logo
Python Software Foundation

The Python Software Foundation is the non-profit organization behind the Python programming language.

Security Developer

Security EngineerSecurity EngineerFull TimeRemoteSeniorTeam 1-10Since 2001H1B No SponsorCompany SiteLinkedIn

Location

Worldwide

Posted

2 days ago

Salary

$70K - $170K / year

Seniority

Senior

Bachelor Degree3 yrs expEnglishOpen SourcePython

Job Description

Security Developer

Python Software Foundation

• Triage and remediate vulnerabilities in CPython and related projects in coordination with the Python core team. • Remediate malware and supply-chain attacks for projects on the Python Package Index. • Maintain and operate infrastructure for the Python Security Response Team, PSF CVE Numbering Authority, and security tools in use by Python, like OSS-Fuzz. • Propose and develop improvements to the above workflows to scale the response to meet future demand. • Work with the Python Security Response Team and Python core team to develop and refine vulnerability and secure development practices. • Work with the Python core team to document the security and threat models for the Python programming language, standard library, and related projects. • Researching, authoring, and publishing public communications about metrics, impact, and potential future work for Python security.

Job Requirements

  • 3-5 years experience with Python or C programming languages.
  • Knowledge about vulnerabilities affecting programs written in C, such as memory safety issues.
  • Asynchronous and written communication skills with the ability to manage and prioritize multiple concurrent threads.
  • Experience working with open source projects and communities is a plus.
  • Security certifications are not required.

Benefits

  • US employees are eligible for healthcare and other benefits

Related Categories

Related Job Pages

More Security Engineer Jobs

GitHub, Inc. logo

Strategic Field Security Specialist

GitHub, Inc.

GitHub is the world’s leading AI-powered developer platform with 150 million developers and counting. We’re also home to the biggest open-source community on earth (and 99% of the world’s software has open-source code in its DNA). Many of the apps and programs you use every day are built on GitHub. Our teams are dreamers, doers, and pioneers, leading the way in AI, driving humanitarian efforts around the globe, and even sending open source to Mars (and beyond!). At GitHub, our goal is to create the space you need to do your best work. We’re remote-first and offer competitive pay, generous learning and growth opportunities, and excellent benefits to support you, wherever you are—because we know that people flourish when they can work on their own terms. Join us, and let’s change the world, together.

Full TimeRemoteTeam 501-1,000

Role Description GitHub helps companies and organizations succeed by allowing them to build better software, together. Are you passionate about application security? Would you like to ensure developers get a world-class experience working with security tools? Have a technical and curious mindset? We have a role for you! We're looking for experienced, technical-minded professionals who want to partner with senior leaders, engineers, and technical teams at our most strategic customers focused on accelerating and growing their success with GitHub Advanced Security. You will become a key expert in supporting customers with GitHub Advanced Security. The ideal candidate shows a passion to help secure the world’s code. Field Security Specialists are also recognized as senior subject matter experts, in part by their activity in supporting customers where they are (including via industry groups, technical committees, and research opportunities) and by using their ability to synthesize customer experience to provide an industry lens in public presentations and writing in addition to supporting a variety of diverse internal teams, including sales professionals, product management, engineering, and marketing in efforts that ensure that GitHub, and our customers, are successful, together. We're obsessed with our customers and the quality of our work. If you are technically sharp, security-focused and people-oriented, you might be a fit for this role! Responsibilities - Customer interaction: - Adept at working with large and strategic corporations with minimal oversight. - Possess Technical and Business skills, including: - Ability to present vision and strategy to CxOs as well as have deeply technical discussions with Engineering leads. - Flexibility and skill to adapt conversations or messaging on the fly regardless of the participants. - Familiarity with the Challenger sales methodology such as MEDDPICC or Command of the Message (not an expected requirement). - Internal collaboration: - Engage in cross-functional collaboration within GitHub, including Sales, Professional Services, Technical Product Management, Product Marketing, Engineering, and Marketing. - Work with these teams to understand and convey deep customer needs, product roadmap and direction, as well as detailed product and technical capabilities. - Be an internal expert on customer and industry trends. - Advocating for customer interests within GitHub by communicating customer feedback and perspectives to appropriate teams to be considered in product strategy. - External Collaboration: - Build a network of leaders, tastemakers/influencers, and customers to inform your own knowledge of the product and corporate landscape as well as position GitHub as an integral part of the security space. - Become a trusted partner with leadership at GitHub’s strategic customers, allowing GitHub to provide an enhanced experience, as well as be better able to position GitHub for future sales opportunities. - Build relationships with key decision-makers, visit customers on-site, and serve as a trusted advisor and point of contact. - Learn about customers' successes and challenges. - Bring insights to your efforts that cross territories, regions, and industries. - Participate in working groups, panels, and industry forums to share your insight. - GitHub Advanced Security expertise: - Possesses deep technical knowledge of GitHub’s Advanced Security features and capabilities to be able to position them to customers, as well as provide timely answers to their technical questions. - Understand the code analysis landscape and market segment, and the needs of users and developers. - Have a high-level knowledge of GitHub’s CodeQL technology. - Understanding of application SAST/DAST/SCA principles, varieties of vulnerabilities and market landscape. - Strong knowledge of the security community and application security in general. - Collaborate with the GitHub Security Labs team, the Open Source community and GitHub’s Enterprise customers to create the best analysis libraries possible. - Business Development: - Be a partner to the field sales team. Help them understand and improve the relationship with their customers. - Drive customer happiness, and plans to assess the market opportunity for GitHub Products and Services by aligning resources to meet business goals. - Provide limited, impactful support to High Potential and Strategic sales opportunities as agreed upon by regional leadership. - Identifying customer business requirements and matching them to product features. - Building joint customer strategies with enterprise sales and field services to encourage product adoption. - Support projects and initiatives that provide sales acceleration opportunities. - Represent GitHub: - You will be a leader for your market and represent GitHub at customer and partner meetings as well as small and large events. - You will be a key resource supporting GitHub to hit aggressive sales targets. - Deliver live product demonstrations, and sales presentations, and lead clients through proof of concept for GitHub products. - Helping customers integrate GitHub products with their existing tools, workflows, and processes. - Public speaking and outreach (including Demand Generation, Public Relations, Analyst Relations, Webinars and Customer Evidence). Qualifications - 10+ years experience in technical consulting, technical consultative selling, or related technical/sales/industry experience - OR Bachelor's Degree in Computer Science, Information Technology, Engineering, or related field AND 8+ years experience in technical consulting, technical consultative selling, or related technical/sales/industry experience - OR Master's Degree in Computer Science, Information Technology, Engineering, or related field AND 6+ years experience in technical consulting, technical consultative selling, or related technical/sales/industry experience - OR Doctorate in Computer Science, Information Technology, Engineering, or related field AND 4+ years experience in technical consulting, technical consultative selling, or related technical/sales/industry experience - OR equivalent experience. - 8+ years practical experience in Enterprise Software Development AND 6+ years practical experience in Application Security (SAST/DAST/SCA etc.). - Ability to travel up to 25% to serve business or client needs. - Fluency in German and English required. Requirements - Knowledge of Continuous Integration, Continuous Delivery (CI/CD) architecture, GitHub Actions, tools and workflows. - Experience with either Python, TypeScript or Go, as well as Java or C#. - In-depth experience in application security concepts such as static analysis, dynamic analysis, control flow, data flow, information flow, security analysis, program transformation, taint analysis and taint tracking. - Confident and proven communication skills both written and verbal demonstrated through internal/external speaking events, blogging, conference talks, podcasts, published content etc. GitHub Values - Customer-obsessed - Ship to learn - Growth mindset - Own the outcome - Better together - Diverse and inclusive Leadership Principles - Create clarity - Generate energy - Deliver success

Germany
Grupo Boticário logo

Técnico de Segurança do Trabalho III – Gestão de Terceiros

Grupo Boticário

Criamos oportunidades para a beleza transformar a vida das pessoas, e assim transformar o mundo ao nosso redor.

Full TimeRemoteTeam 10,001+Since 2010H1B No Sponsor

• Gestão Operacional de Serviços de risco: **analisar e liberar prestação de serviço (manutenção, obras, *facilities *e reformas), garantindo os requisitos de segurança e fluxo ágil de atendimento via e-mail e sistemas internos; • Autorizar APR e PTR: **Realizar a liberação de Permissões de Trabalho (PTR) e Análises Preliminares de Risco (APR), assegurando o cumprimento das normas; • Gestão de Documentos e Integração: **Realizar análise documental técnica necessária para o início das atividades e ministrar treinamentos de integração para terceiros; • Realizar atualização documental de SST (mensal) de todos os fornecedores de contrato, garantido atendimento à norma, com documentos atualizados; • Gestão de Contratações Especializadas: **Coordenar o processo de contratação de serviços de alto risco (Alpinistas Industriais), desde a abertura da demanda até a geração de pedidos e documentos técnicos.

Brazil
Mastercard logo

Lead Guild Security Engineer

Mastercard

Founded in 1966, Mastercard is a worldwide transaction, payment-processing, and consulting company best known for its line of personal and business credit cards. As an employer, Ma

Full TimeRemoteTeam 38,800Since 1966

Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential. Title and Summary Lead Guild Security Engineer Who is Mastercard? Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all. Mission First, People Always As Corporate Security, we are responsible for keeping Mastercard safe and secure from cyber and physical threats, and it is our people on the frontlines who make this happen every day. By taking care of our people, their wellbeing, and career development, we provide them the necessary tools and environment to ensure the success of our mission. Overview The Business Security Enablement (BSE) team is looking for a Lead Security Engineer to join our team. The Business Security Enablement guild is a worldwide team of information security experts focused on helping Mastercard achieve its goals by ensuring security is at the heart of everything we do. The ideal candidate needs a high level of expertise in information security and secure engineering disciplines to advise product and operational teams on how to securely design applications and services following industry best practices. You will apply deep knowledge of security principles, theories, and concepts throughout the business and development lifecycles. As an L6 Security Engineer, you are expected to take a lead security role in large, complex, global, cross-functional initiatives. Role• Advocate on behalf of the BSEG Guild, providing directions to program security engineers and market facing programs on the current security review processes and procedures ensuring established security policies and standards are observed on projects.• Document enhancements to security standards and procedures. • Prepare and present business/technical presentations.• Apply knowledge of security principles, theories and concepts to business requests.• Take a Lead Security Position in larger, more complex initiatives (e.g., global initiatives, cross functional/cross geographies).• Provide and recommend optimal solutions to meet security and regulatory requirements in the design of new/enhanced systems. All About You• 7-10 years of experience in information security disciplines.• CISSP or Industry recognized security certification desired.• Advanced knowledge of security protocols and standards, experience with security frameworks, architecture and secure designs, especially for the implementation of web-based applications to secure on-line transactions.• Knowledge or technical security experience in Cryptography.• Working knowledge of symmetric and asymmetric encryption, Digital Certificates, SSL, VPN, IPSec, development of DMZ's and other security tools and processes such as privileged identity management, file integrity, audit, logging and IDS/IPS.• Experience with automation and process improvement.• Technical experience with Programming Languages.• Intermediate to advanced hands-on scripting experience. • Moderate to extensive hands-on administrative and security experience with Linux systems. NICE Framework References This Mastercard role shares knowledge, skills, and abilities with related NICE work roles.• SP-DEV-002, OPM622, Secure Software Assessor• SP-ARC-002, OPM652, Security Architect Corporate Security Responsibility Every person working for, or on behalf of, Mastercard is responsible for information security. All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and therefore, it is expected that the successful candidate for this position must:• Abide by Mastercard's security policies and practices.• Ensure the confidentiality and integrity of the information being accessed.• Report any suspected information security violation or breach.• Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines. Corporate Security Responsibility All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must: - Abide by Mastercard's security policies and practices; - Ensure the confidentiality and integrity of the information being accessed; - Report any suspected information security violation or breach, and - Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.

Ireland
Full TimeRemoteTeam 501-1,000

• Lead the final phase of Sensiba's Zero Trust transformation and endpoint security modernization. • Develop, document, and maintain enterprise security standards and configuration baselines. • Establish scalable security practices that support long-term growth and compliance. • Manage and optimize Microsoft Sentinel for monitoring, detection, and response activities. • Develop and tune detection rules, alerts, investigations, and automated response workflows. • Lead security investigations, incident response efforts, and proactive threat hunting activities. • Own Defender XDR, Defender for Endpoint, and Defender for Cloud administration and security posture management. • Monitor and remediate vulnerabilities across user devices and cloud environments. • Manage Microsoft Purview Data Loss Prevention (DLP) policies and information protection programs. • Support Sensiba's annual SOC 2 Type II audit process by producing technical evidence and validating controls.

California
$97.2K - $145.2K / year