ActBlue: Web Applications Security Engineer
366 Summer Street
Somerville, MA 02144

Web Application Security Engineer

At ActBlue Technical Services, we build and maintain a powerful online fundraising platform for Democratic campaigns, progressive organizations, and nonprofits working to create a better future. We put power in the hands of small-dollar donors by making it easier for grassroots supporters to make their voices heard and by helping thousands of groups from presidential candidates to environmental organizations build people-powered movements.

If you've ever given online to a Democratic candidate or progressive organization, chances are you've used our software. Our team has a big impact on the future of our country, and with the 2020 elections on the horizon, we're busier than ever helping small-dollar donors make an impact and take on Trump's administration.

We are seeking a Security Expert who also has a strong background in Rails to keep us protected against ever-evolving software, hardware, and social engineering attacks. We offer autonomy, responsibility, and amazing in-office and remote colleagues geeking out about politics and tech all day, plus generous benefits. You could work remotely from anywhere in the U.S.; our Somerville, MA HQ; or our office in Portland, OR.

"This position is great for a person who has a broad range of interests across security domains. We are reshaping the appsec practice throughout the organization, implementing new processes and tooling to ensure that ActBlue's mission is well-supported now and in the future. On a daily basis, you'll face challenging architectural, implementation, and business logic concerns, the solution for many of which will have a direct impact on our democracy!" - Darian Patrick, ActBlue SecEng Lead

WHAT YOU'LL BE DOING:

  • Overseeing security aspects of the evolution of our public-facing Rails platform
  • Static and on-demand code review
  • Operating our responsible disclosure bug bounty program
  • Risk assessment and escalation of findings with the business.

WHAT YOU'LL BE WORKING WITH:

  • Our stack: Ruby on Rails, React, PostgreSQL, Node.js, Redis
  • Hosting: Rackspace and Amazon clouds
  • Our team of passionate, curious, innovative professionals

WHAT YOU'LL BRING:

  • Experience with OWASP principles, Content Security Policy, CORS, HSTS, etc.
  • Experience with (and passion for) hunting vulnerabilities in web apps.
  • Proficiency in Ruby, JavaScript, or Python

OUR ENGINEERING VALUES:

  • We believe that ideas are more important than technologies.
  • We understand that the tools we build have real-world consequences for millions of people and take that responsibility seriously.
  • We know that code isn't just a set of instructions for machines, but communication with other humans; style, elegance, and respect are important.
  • We believe that an ability to balance paying off technical debt and rapidly completing a project contributes to the health of the codebase, engineering team, and organization.
  • We believe that being correct isn't enough; respect for your colleagues and users is fundamental.

Handling high volume is our priority. To us that means being ready for:

  • 75K contributions in 5 minutes
  • 7.5 million page loads in 5 minutes
  • 1.5 million recurring before 7 a.m.
  • 30K organizations using our platform

We use best in class tools (rails, node, postgresql, react, sidekiq/redis, Chef, Terraform, Jenkins) and methods (github, extensive automated testing, continuous integration, deployment, cloud hosting) to deliver the best technology in politics.

You can work in our Somerville, MA HQ; our satellite office in Portland, OR; or remotely from anywhere in the US (CA, CO, MD, NY, RI, TX, UT, and WI are preferred).

We're a growing team passionate about changing our country. Each and every one of us is fully committed to our mission, and we are looking for new team members who match our passion and are ready to dive in! If you're interested, send your resume to techjobs@actblue.com!

Follow us on Twitter @ActBlue and our blog

We offer a competitive salary and a generous compensation package, which includes commuter benefits; fully paid and trans-inclusive health, dental, and vision insurance; an employer-sponsored 401k contribution plan; a generous professional development stipend; three months paid parental leave for all genders, adoptions included; and a flexible time off policy.

Women, people of color, LGBTQ individuals, and members of other minority or marginalized groups are strongly encouraged to apply. ActBlue is an equal opportunity employer and does not discriminate against candidates on the basis of race, ethnicity, religion, sex, gender, sexual orientation, gender identity, disability status, or veteran status.

ActBlue cannot at this time sponsor work visas.

OLD POSTING:

At ActBlue Technical Services, we build and maintain a powerful online fundraising platform for Democratic campaigns, progressive organizations, and nonprofits working to create a better future. We put power in the hands of small-dollar donors by making it easier for grassroots supporters to make their voices heard and by helping thousands of groups from presidential candidates to environmental organizations build people-powered movements.

If you've ever given online to a Democratic candidate or progressive organization, chances are you've used our software. Our team has a big impact on the future of our country, and with the 2020 elections on the horizon, we're busier than ever helping small-dollar donors make an impact and take on Trump's administration.

We are seeking a Security Expert who also has a strong background in Rails to keep us protected against ever-evolving software, hardware, and social engineering attacks. We offer autonomy, responsibility, and amazing in-office and remote colleagues geeking out about politics and tech all day, plus generous benefits. You could work remotely from anywhere in the U.S.; our Somerville, MA HQ; or our office in Portland, OR.

"This position is great for a person who has a broad range of interests across security domains. We are reshaping the appsec practice throughout the organization, implementing new processes and tooling to ensure that ActBlue's mission is well-supported now and in the future. On a daily basis, you'll face challenging architectural, implementation, and business logic concerns, the solution for many of which will have a direct impact on our democracy!" - Darian Patrick, ActBlue SecEng Lead

WHAT YOU'LL BE DOING:

  • Overseeing security aspects of the evolution of our public-facing Rails platform
  • Managing our PCI auditor relationship and annual compliance audits
  • Running our responsible disclosure bug bounty program
  • Supervising technical aspects of office IT security

WHAT YOU'LL BE WORKING WITH:

  • Our stack: Ruby on Rails, React, PostgreSQL, Node.js, Redis
  • Hosting: Rackspace and Amazon clouds
  • Our team of passionate, curious, innovative professionals

WHAT YOU'LL BRING:

  • Experience with OWASP principles, Content Security Policy, CORS, HSTS, etc.
  • Experience with (and passion for) hunting vulnerabilities in web apps.
  • Proficiency in Ruby, JavaScript, or Python

OUR ENGINEERING VALUES:

  • We believe that ideas are more important than technologies.
  • We understand that the tools we build have real-world consequences for millions of people and take that responsibility seriously.
  • We know that code isn't just a set of instructions for machines, but communication with other humans; style, elegance, and respect are important.
  • We believe that an ability to balance paying off technical debt and rapidly completing a project contributes to the health of the codebase, engineering team, and organization.
  • We believe that being correct isn't enough; respect for your colleagues and users is fundamental.

Handling high volume is our priority. To us that means being ready for:

  • 75K contributions in 5 minutes
  • 7.5 million page loads in 5 minutes
  • 1.5 million recurring before 7 a.m.
  • 30K organizations using our platform

We use best in class tools (rails, node, postgresql, react, sidekiq/redis, chef) and methods (github, extensive automated testing, continuous integration, deployment, cloud hosting) to deliver the best technology in politics.

We're a small (but growing!) team passionate about changing our country. Each and every one of us is fully committed to our mission, and we are looking for new team members who match our passion and are ready to dive in! If you're interested, send your resume to techjobs@actblue.com!

Follow us on:

Github: https://github.com/actblue

Twitter: @ActBlue & @ActBlueTech

We offer a competitive salary and a generous compensation package, which includes commuter benefits, fully paid health, dental, and vision insurance, an employer-sponsored 401k contribution plan, and a flexible time off policy.

Women, people of color, LGBTQ individuals, and members of other minority or marginalized groups are strongly encouraged to apply. ActBlue is an equal opportunity employer and does not discriminate against candidates on the basis of race, ethnicity, religion, sex, gender, sexual orientation, gender identity, disability status, or veteran status.

ActBlue cannot at this time sponsor work visas.

Full-time