WHO WE ARE:
ActBlue is a nonprofit that builds tech and infrastructure for Democratic campaigns, progressive-aligned causes, and people trying to make an impact in order to fuel long-term, people-powered change. If you’ve ever given online to a Democrat or progressive organization, chances are you’ve used our powerful online fundraising platform.
We put power in the hands of small-dollar donors and help thousands of groups — from presidential candidates to environmental organizations — build grassroots movements. We envision a democracy where everyone looking to make progressive people-powered change can easily and effectively deploy their resources, energy, and creativity to shape our country and futures. Each and every one of us, from the political activists to the tech innovators to the customer service pros, is fully committed to our mission.
Our security team is growing, and we are looking for a skilled web application security professional to join us. As a member of our application security team, you will have the autonomy to explore our web platform, identify areas for improvement, and put in whatever proactive security enhancements you deem necessary.
WHAT YOU WILL DO:
- Oversee security aspects of the evolution of our public-facing Rails platform.
- Respond in real time to evolving web attacks across our suite of services.
- Perform security code reviews in Ruby and Node.js.
- Operate our responsible disclosure bug bounty program.
- Assess risk and escalate findings within the business.
WHAT YOU BRING:
- Experience with OWASP principles, Content Security Policy, CORS, HSTS, etc.
- Experience with (and passion for) hunting vulnerabilities in web applications.
- Experience with WAF deployment and maintenance.
LOCATION AND COMPENSATION:
This posting is for a full-time, remote, salaried position. ActBlue is currently authorized to support remote work employees in California, Colorado, Florida, Georgia, Illinois, Maryland, Massachusetts, Michigan, Minnesota, New Hampshire, New York, North Carolina, Oregon, Pennsylvania, Rhode Island, South Carolina, Texas, Utah, Vermont, Virginia, Washington, Washington D.C., and Wisconsin.
Salary Range: We offer a competitive salary and a generous compensation package, which includes the benefits listed below:
- Flexible work schedules and an unlimited time-off policy
- Fully paid and trans-inclusive health, dental, and vision insurance for employees and their families
- Automatic 2% 401K contribution, plus up to 6% match
- Three months paid parental leave for all new parents, adoptions included; 4 weeks of a fully paid flexible work schedule; plus an additional one week of paid leave and an additional one week of flexible work schedule for every full year the employee has worked for ActBlue
- Commuter or home-office benefits, including a $1,000 home-office setup allowance for all new full-time remote employees
- Additional perks including monthly snack deliveries and digital subscriptions to the Boston Globe & New York Times
ActBlue is unable to sponsor work visas at this time.
Women, people of color, LGBTQIA2S+ individuals, and members of other minority or marginalized groups are strongly encouraged to apply. ActBlue is an equal opportunity employer and does not discriminate against candidates on the basis of race, ethnicity, religion, sex, gender, sexual orientation, gender identity, disability status, or veteran status.
ActBlue is also committed to providing reasonable accommodations to individuals with disabilities throughout the interview and employment process, including using our online system to apply for a position.
OUR ENGINEERING VALUES:
- We believe that ideas are more important than technologies.
- We understand that the tools we build have real-world consequences for millions of people and take that responsibility seriously.
- Security is at the center of everything we do. We are always on the lookout for ways to further harden our platform.
- We know that code isn’t just a set of instructions for machines, but communication with other humans; style, elegance, and respect are important.
- We believe that an ability to balance paying off technical debt and rapidly completing a project contributes to the health of the codebase, engineering team, and organization.
- We believe that being correct isn’t enough; respect for your colleagues and users is fundamental.