Logo for Python Software Foundation

Security Developer

Role overview

Qualifications

  • 3-5 years experience with Python or C programming languages
  • Knowledge about vulnerabilities affecting programs written in C
  • Asynchronous and written communication skills
  • Experience working with open source projects and communities

Responsibilities

  • Triage and remediate vulnerabilities in CPython and related projects
  • Remediate malware and supply-chain attacks for projects on the Python Package Index
  • Maintain and operate infrastructure for the Python Security Response Team
  • Propose and develop improvements to the above workflows

About the company

Python Software Foundation logo

Python Software Foundation

Non-profit Organizations

The Python Software Foundation (PSF) is a 501(c)(3) non-profit corporation that holds the intellectual property rights behind the Python programming language. We manage the open source licensing for Python version 2.1 and later and own and protect the trademarks associated with Python. We also run the North American PyCon conference annually, support other Python conferences around the world, and fund Python related development with our grants program and by funding special projects.

Company details

IndustryNon-profit Organizations
Company size2 - 10

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Working with the Python Security Response Team, Python core team, and Python Package Index (PyPI) admins to ensure Python is secure for its global and diverse user base. The core mandate for this role is to drive vulnerability reports to remediations and advisories, mitigating malware on the PyPI, and developing solutions to scale our capacity to respond ahead of the growth curve.

You’ll be part of the small-but-mighty team at the Python Software Foundation, the US non-profit organization working every day to help Python and its community thrive. Most of your days will be time-boxing between day-to-day vulnerability coordination and malware handling work alongside long-term projects like documentation, tool development, and gathering and sharing metrics.

Core Responsibilities & Development
  • Triage and remediate vulnerabilities in CPython and related projects in coordination with the Python core team.
  • Remediate malware and supply-chain attacks for projects on the Python Package Index.
  • Maintain and operate infrastructure for the Python Security Response Team, PSF CVE Numbering Authority, and security tools in use by Python, like OSS-Fuzz.
  • Propose and develop improvements to the above workflows to scale the response to meet future demand. 
Standards, Documentation, Communications
  • Work with the Python Security Response Team and Python core team to develop and refine vulnerability and secure development practices.
  • Work with the Python core team to document the security and threat models for the Python programming language, standard library, and related projects.
  • Researching, authoring, and publishing public communications about metrics, impact, and potential future work for Python security.
Qualifications

3-5 years experience with Python or C programming languages. Knowledge about vulnerabilities affecting programs written in C, such as memory safety issues. Asynchronous and written communication skills with the ability to manage and prioritize multiple concurrent threads. Experience working with open source projects and communities is a plus.

Security certifications are not required. An ideal candidate will have a collaborative and flexible attitude suited to working with a community of passionate volunteers on small, mutually-supporting teams. Don’t worry if you don’t check all the boxes or aren’t a “security expert”, above all we’re looking for someone who is eager to learn while securing the many domains and users the Python language serves.

Desired Experience

Experience with secure development practices for Python and C programming languages. Experience with vulnerability disclosure, CVE, security teams, and threat models. Experience with code quality and security tools like fuzz-testing, address and memory sanitizers. Experience writing technical documentation. Experience working in public or with open source projects.

Details
  • Location: Global remote. Regular collaboration with US timezones will be required.
  • Compensation: $70-$170K (Based on experience and local employment package norms. US employees are eligible for healthcare and other benefits)
  • Term: 1 year, with possibility of renewal
  • Travel: One trip per year to PyCon US.

The Python Software Foundation is a US 501(c)(3) non-profit corporation that holds the intellectual property rights behind the Python programming language. We also run the PyCon US conference annually, support other Python conferences/workshops around the world, and fund Python-related development with our grants program. To see more info about the PSF, check out our Annual Impact Report and public records.

We believe that the future of open source must include everyone. We welcome all job-seekers regardless of race, color, ethnicity, religion, age, sexual orientation, gender identity or expression, national origin, physical appearance, body size, socio-economic, veteran or disability status. Python is a global community and the PSF aims to support a safe environment for all. More information can be found on our Code of Conduct page.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Security Analyst Related jobs

Other jobs at Python Software Foundation

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.