Headquarters: College Park, Maryland, USA
Type of Position: Contractor, Full-Time, 8-Month Contract
WHO WE ARE
Anytime, Anywhere, Any Computer Access. We’re an international coalition of individuals and organizations dedicated to ensuring that the Internet, and everything available through it, is accessible to people with accessibility barriers due to disability, literacy, digital literacy, or aging, and regardless of their economic resources. Our vision is to revolutionize the landscape of assistive technology by creating an infrastructure to facilitate the development, distribution, and support of a wide range of affordable accessibility solutions around the world. That is, the Global Public Inclusive Infrastructure (GPII).
You will help a team of bright and talented developers located across continents who are passionate about our vision of radically improving access to technology. How? By helping to develop an associated system that supports the “portability” of user preferences across any platform or device -- one that makes it easier for anyone to have the technology they encounter automatically change into a form they can understand and use.
WHAT YOU WILL DO
- Work with the development team to secure the Global Public Inclusive Infrastructure (GPII) application and architecture against attacks and intrusion.
- Advise on regulations and laws that GPII needs to comply with, including a specific list of concrete technologies and processes that need to be implemented in the different scenarios where the GPII applications will be used (public cloud, on-premises servers, etc.) so the application is compliant.
- Identify common threats that the GPII may be vulnerable to, assessing the extent to which we have strategies for protecting against them, and devising and co-implementing an architecture for protecting against those issues that we don’t currently address, e.g., credentials theft, etc.
- Work with the infrastructure team to set up an automated, periodic security audit system using a security scanner/reporting tool (e.g. Nessus, Metasploit, etc.) and expose / synthesize results.
- 10+ years experience implementing code for secure web-based authorization flows, especially including, but not limited to OAuth 2.
- Experience developing (and preferably also securing) Node.js applications.
- Experience in securing communications at the transport level, including securing TLS negotiation, certificate management and DNSSEC.
- Familiarity with the underlying algorithms and libraries that are invoked when setting up a secure connection to an HTTPS server and with how this process may be subverted, and the ability to set up test fixtures that probe an installation for vulnerabilities in this area (either by writing code or by configuring a prebuilt toolkit).
- Knowledge and experience deploying, maintaining, and using security scanning/reporting software (e.g. Nessus, Metasploit, arachni, w3af, etc.), including using fuzzing techniques.
- Experience securing applications on multiple operating systems including Windows, Linux and Mac.
- Experience working in and submitting pull requests to open source projects, applying software development methodologies and strategies appropriate to open source collaboration.
- Experience writing comprehensive unit and acceptance tests for all aspects of the developed.
To apply: Funding for the project is managed by the University of Maryland. To apply, you should register in eMaryland Marketplace at https://emaryland.buyspeed.com/bso/ and apply by 16-June-2017. Search for bid: MDUMPC31033239