At ActBlue Technical Services, we build and maintain a powerful online fundraising platform for Democratic campaigns, progressive organizations, and nonprofits working to create a better future. We put power in the hands of small-dollar donors by making it easier for grassroots supporters to make their voices heard and by helping thousands of groups, from presidential candidates to environmental organizations, build people-powered movements.
If you've ever given online to a Democratic candidate or progressive organization, chances are you've used our software. Our team has a big impact on the future of our country, and with the 2020 elections on the horizon, we're busier than ever helping small-dollar donors make an impact and take on Trump's administration.
We are seeking a Security Operations Engineer/Analyst who also has a strong background in security and compliance frameworks to keep us protected against ever-evolving software, hardware, and social engineering attacks. We offer autonomy, responsibility, and amazing in-office and remote colleagues geeking out about politics and tech all day, plus generous benefits. This position is located at our HQ in Somerville, MA (with flexibility to work from home a few days per week).
What you'll be doing:
- Managing our PCI compliance process and making sure controls and processes are in place across the organization.
- Writing policies and procedures to support our compliance efforts in conjunction with our technical staff (DevOps and Software Engineering).
- Implementing security controls as applicable to ensure enforcement of policies and procedures.
- Managing compliance initiatives including scheduling, ticketing of deliverables and remediations, and tracking cross-functional dependencies.
- Communicating with departments throughout the organization on project requirements and status.
- Doing due diligence and gap analysis on our current posture and future architecture (ability to validate log file verbosity, system configurations, encryption levels, ACLs, etc.).
- Educating staff about the compliance program and benefits to the business.
What you'll be working with:
- Our stack: Ruby on Rails, React, PostgreSQL, Node.js, Redis, Chef, Terraform
- Hosting: Rackspace and Amazon clouds, Heroku
- Our team of passionate, curious, innovative professionals
What you'll bring:
- Experience with OWASP Top Ten/CWE-25 concepts, and related areas of web security such as Content Security Policy
- Experience with compliance frameworks such as PCI DSS, SOC1/2/3, ISO27001, etc.
- Sysadmin experience in an open source cloud-based environment (Linux, PostgreSQL, AWS, firewalls, ACLs, log management techniques)
- Experience (and passion!) for making things better and more secure
- Knowledge of GDPR requirements a plus
Our Engineering Values:
- We believe that ideas are more important than technologies.
- We understand that the tools we build have real-world consequences for millions of people and take that responsibility seriously.
- We know that code isn't just a set of instructions for machines, but communication with other humans; style, elegance, and respect are important.
- We believe that an ability to balance paying off technical debt and rapidly completing a project contributes to the health of the codebase, engineering team, and organization.
- We believe that being correct isn't enough; respect for your colleagues and users is fundamental.
Handling high volume is our priority. To us that means being ready for:
- 75K contributions in 5 minutes
- 7.5 million page loads in 5 minutes
- 1.5 million recurring before 7 a.m.
- 30K organizations using our platform
We use best-in-class tools (rails, node, postgresql, react, sidekiq/redis, chef) and methods (github, extensive automated testing, continuous integration, deployment, cloud hosting) to deliver the best technology in politics.
We're a small (but growing!) team passionate about changing our country. Each and every one of us is fully committed to our mission, and we are looking for new team members who match our passion and are ready to dive in! If you're interested, send your resume to firstname.lastname@example.org!
Follow us on:
Twitter: @ActBlue & @ActBlueTech
We offer a competitive salary and a generous compensation package, which includes commuter benefits, fully paid health, dental, and vision insurance, an employer-sponsored 401k contribution plan, and a flexible time off policy.
ActBlue believes that a diverse, inclusive staff and movement is a fundamental strength. Towards that end, we're committed to hiring people of all races, ethnicities, religions, ages, sex, genders, sexual orientations, or gender identities. Women, people of color, LGBTQ individuals, and members of other minority or marginalized groups are strongly encouraged to apply.
ActBlue cannot at this time sponsor work visas.