Engineering Manager, SecureDrop

Position description

Freedom of the Press Foundation (FPF), a nonprofit organization dedicated to protecting, defending, and empowering public interest journalism, is hiring an engineering manager to oversee its SecureDrop development team. Reporting to the chief technology officer, this role will manage a remote and internationally distributed team of software engineers who work on SecureDrop, an open source whistleblower submission platform. SecureDrop makes it possible for newsrooms to manage their most sensitive submissions, from the next big story about abuse of government power to the exposure of corruption at the local level. 

About SecureDrop

SecureDrop is an open source whistleblower submission system used by journalists to communicate with sources. Through its hardened architecture and the use of the Tor network, it offers whistleblowers strong security and anonymity protections. It is used by more than 70 news organizations worldwide, including The New York Times, The Washington Post, The Guardian, and Al Jazeera.

SecureDrop is composed of a variety of components: 

• SecureDrop Server: an anonymous whistleblowing system, deployed on hardened and Ansible-managed Ubuntu servers, hosting two web applications available as Onion services over the Tor Network.
• SecureDrop Workstation: a platform built on top of Qubes OS to make SecureDrop faster and simpler for journalists to use. It consists of multiple GUI applications and services that span across a suite of SaltStack-provisioned, task-specific virtual machines. 
• SecureDrop Protocol: an end-to-end protocol designed specifically for whistleblowing systems, and intended for a future reimplementation of SecureDrop Server. This also encompasses our work on WEBCAT, to verify the integrity of code running in the browser.

For now, our main focus is on improving and expanding the functionality of SecureDrop Workstation, while maintaining SecureDrop Server. Future plans include a rewrite of the server application, using SecureDrop Protocol, to allow for easier deployments while preserving the security properties of the current system. As part of the team, a successful candidate will have a key role in these efforts.

Responsibilities

• Manage and mentor a high-performing team, fostering a collaborative, mission-driven culture:
  • Help address impediments or blockers to your team’s progress, be they administrative, technical, or organizational
  • Facilitate the development of individual and team goals, and, in collaboration with the team’s tech lead, make regular updates to the SecureDrop development road map
  • Represent team members within the organization, while creating opportunities for your team to do so as well
  • Develop best practices in asynchronous collaboration, including clear documentation of discussions and decisions
• Provide performance reviews, and plan and implement compensation changes in coordination with leadership and HR
• Identify key capacity gaps within the team and act as hiring manager for agreed-upon hires on your team
• Ensure effective planning and facilitation of team meetings in the context of a distributed team spanning multiple time zones
• Manage the development process and ensure effective, agile project management of the SecureDrop team’s commitments
• Manage and oversee the SecureDrop team’s budget, and collaborate with the fundraising team on grant proposals and other fundraising initiatives
• Manage relationships with external vendors for purposes such as security audits or project-level engagements

Qualifications

Required

• Proven engineering leadership and people management experience: three-plus years of experience as a software or infrastructure engineer, and four-plus years as a manager for a team that ships production code
• Agile project stewardship: demonstrated ability to run sprint planning, retrospectives, backlog grooming, or comparable team processes for a distributed team
• Hiring and capacity building: experience crafting role definitions, running inclusive interview and review processes, and onboarding new engineers
• Commitment to public-interest journalism: You’re motivated to advance press freedom and whistleblower protection through open source technology

Preferred

• Experience contributing to or managing open source projects with external contributors and stakeholders
• Practical experience with secure software development life cycles, threat modeling, incident response, and coordinating independent security audits.
• Experience leading asynchronous teams across time zones
• Working knowledge of Python, Rust, Git, and other technologies used as part of SecureDrop development

Working with us

This is a full-time role with a competitive nonprofit salary in the range of USD $155,000-165,000/year, depending on experience. This position will preferably be based in FPF’s Brooklyn headquarters; however, strong U.S.-based remote candidates will also be considered. For more information on our full benefits package, please visit our website’s careers page. 

FPF does not discriminate on the basis of an individual’s sex, age, race, color, creed, national origin, alienage, religion, marital status, pregnancy, sexual or reproductive health decisions, sexual orientation or affectional preference, gender identity and expression, disability, genetic trait or predisposition, carrier status, citizenship, veteran or military status, and other personal characteristics protected by law.

How to apply

If you think you’d like to be a part of our team, please submit your résumé and a cover letter expressing why you are interested in the position (no longer than one page).

After an initial application review, FPF’s hiring process typically involves a phone screening, a skills assessment, panel interviews with team members, and a final meeting with our executive director.