Summary
The Wikimedia Foundation is looking for a Director of Security to ensure that rapid evolution of the Wikimedia software continues to preserve the security of the sites and the privacy of our users. We are looking for someone who is passionate about Wikimedia’s mission to bring free knowledge to every person on the planet, and who will strive to help Wikimedia software developers learn to incorporate secure thinking into their development practice.
The Director of Security will join the other Engineering Directors at Wikimedia who support engineers and designers building features, products, and services used by hundreds of millions of people around the world. This is an opportunity to do good while improving the security, stability, scalability, and maintainability of one of the best known sites in the world.
YOU ARE a smart, experienced security professional that understands all aspects of security in a top web property. You have significant software security experience in large scale systems. You understand and enjoy running security operations. You know how to create and operate incident response systems. You have experience counseling engineering and non-engineering teams about the privacy and security implications of their projects and data releases, are familiar with the benefits and vulnerabilities of different anonymization techniques, and can swiftly and effectively manage security incidents. You understand the importance of testing and documentation, and common pitfalls in developing secure web applications. You know how to build software correctly and hold others to the same high standards. You understand the principles of open source software development and the importance of community building. You have experience with and enjoy building and mentoring security teams. You enjoy being part of a large, vibrant, passionate and involved community.
You will be leading a team responsible for ensuring the security and integrity of applications written in PHP, Python, JavaScript (Nodejs) among others, using both relational and key-value data storage mechanisms.
As a Director of Security, we’d like you to do these things:
Develop a threat model for the Wikimedia Foundation and all our projects and define the right security profile in collaboration with your peer group and our IT department.
Run day-to-day security operations for the Wikimedia Foundation, including our community-facing and enterprise systems.
Design incident response policies and execute incident response processes.
Design and deploy account and content abuse detection mechanisms.
Refine and improve access controls and audits.
Lead security and privacy incident handling and response.
Manage external security audits and pen tests and implement mitigation strategies to address discovered vulnerabilities.
Serve as a subject matter expert on application security, communicating its impact on security, risk, and compliance decisions.
Manage a team of up to six members, leading performance reviews, hiring, goal-setting, compensation planning, and career development.
Design and develop security-centric enhancements of Wikimedia systems.
Conduct security reviews of software designs and implementations.
Deploy security patches to Wikimedia websites.
Prepare periodic security releases of MediaWiki software.
Define and manage department budget.
Work with peer groups such as Legal, Office IT, Finance, Advancement and others in the Foundation to define:
Strategies for addressing security and privacy concerns;
Initiatives to maintain security as related to software design, development, documentation, and release; and
Practices to ensure the privacy, security, and integrity of data throughout the collection, access, analysis, release, and retention processes.
