Security Analyst
2022-12-02 - at The Organized Crime and Corruption Reporting Project (OCCRP) — Worldwide/Remote Full-time
This job ad has been posted over 40 days ago! (*)
Location: Remote position. Applicants must work within time zones UTC +0 to UTC +4.
Application Deadline: Jan 31 2023, at 11:59 P.M. CET
The Organized Crime and Corruption Reporting Project (OCCRP) is a growing, global nonprofit media organization that is reinventing investigative journalism for the public good. By developing and equipping a global network of investigative journalists and publishing their stories, we expose crime and corruption so the public can hold power to account. We see a future where organized crime and corruption are drastically reduced, and democracy is strengthened. Our global team includes editors, researchers, data engineers, security specialists, administrators, technologists, and strategists, each with areas of in-depth expertise.
Position Overview
OCCRP is looking for an experienced DevOps Engineer to join our small Infrastructure Team. The team provides a range of self-hosted services internally for staff and journalists, as well as for some of our member centers and publishing partners. The team also researches, designs and implements solutions for OCCRP’s ever-changing needs. For example, this can involve handling datasets used for investigations, supporting the publication workflow or re-modelling user interaction and authorization between our services.
There is an ongoing change away from traditional Ops management to DevSecOps practices, and contributing to improvements in the infrastructure and how the team works will be required and welcome. You will work closely with the team on its workload semi-formally and should have good communication skills to enable this. You will be expected to work using our Project and Change management processes. Knowledge sharing and documentation are recognized by the team as key aspects of work, and you should feel comfortable doing both to a good standard.
You will be expected to manage your workload and be able to prioritize assigned tasks accordingly. The team organizes around minimal but periodic meetings during the week, with focused meetings for specific topics. Your work will also extend to assisting others in the organization, ranging from Web Publishing to the Helpdesk.
Job Description
Responsibilities include:
● Ensuring security is front and center of your work and our systems.
● Maintaining infra configuration codebase and CI/CD system.
● Taking ownership of specific areas of infra, and continuously working to improve them.
● Working with other teams - Publishing, Research and Data, and Products - to propose and implement systems that meet their needs.
● Carrying out maintenance to software components and services.
● Handling monitoring and observability.
● Conducting audits of usage, both in the technical and user sense.
● Sharing knowledge within the team.
● Writing technical documentation as required.
● Assisting the security team with their work when requested.
● Dealing with third-party suppliers.
● Supporting other members of the infrastructure team with technical issues.
● Introducing new technologies, ideas and skills into the team and wider department.
● Deputizing for the team lead for short periods, i.e. during leave.
Person Description
Skills:
Essential
● Good working knowledge of Kubernetes.
● Good working knowledge of Ansible or other IaC tooling.
● Good working knowledge of CI/CD.
● Good working knowledge of Linux-based operating systems, such as Debian.
● Ability to write good technical documentation.
● Good interpersonal skills with open communication.
● Good written and spoken English.
● Knowledge of the following technologies
○ Nginx
○ Bash/Python/Git
○ Database Management (Postgres/MySQL)
○ GPG, TLS/SSL and the usual security essentials.
Desirable
● Understanding of Process and Project methodologies.
● Experience with Google Cloud Platform.
● Encrypted mailing and messaging systems.
● IdP/SSO (OAuth/SAML) systems.
Experience:
Essential
● Experience running and maintaining self-hosted application environments.
● Automation of deployment and integration with CI/CD pipelines.
● Managing systems with a ‘security first’ approach.
● Ability to manage and prioritize own workload.
● Working within a team or multi-stakeholder environment.
Desirable
● Previous infrastructure management experience.
● Project management experience.
● DDoS mitigation and prevention.
● Do you like complex systems?
To Apply
To apply, please email your CV and a Cover Letter to jobs(at)occrp.org
All applications must be submitted in English. Incomplete applications will not be considered. Whilst we have internal goals to reply to unsuccessful candidates, we regret that the high number of applicants greatly exceeds our capacity to respond to each person. We apologize that we will not be able to reply to any unsuccessful applicants.
As an equal-opportunity employer, OCCRP values having a diverse workforce and continuously strives to maintain an inclusive and equitable workplace. We encourage people with a diverse range of backgrounds to apply. We do not discriminate against any person based on race, religion, color, national origin, sex, medical conditions, family status, sexual orientation, gender identity, gender expression, age, disability, genetic information, or any other legally protected characteristics. If you are a qualified applicant requiring assistance or an accommodation to complete any step of the application process, please contact hr(at)occrp.org
2022-12-02 - at The Organized Crime and Corruption Reporting Project (OCCRP) — Worldwide/Remote Full-time
2022-12-02 - at The Organized Crime and Corruption Reporting Project (OCCRP) — Worldwide/Remote Full-time
2022-12-02 - at The Organized Crime and Corruption Reporting Project (OCCRP) — Worldwide/Remote Full-time
2022-12-02 - at The Organized Crime and Corruption Reporting Project (OCCRP) — Worldwide/Remote Full-time
2022-12-02 - at The Organized Crime and Corruption Reporting Project (OCCRP) — Worldwide/Remote Full-time