Freedom of the Press Foundation (FPF), a nonprofit organization dedicated to protecting and defending public interest journalism, is looking for a full-time Senior DevOps Engineer to help us maintain and improve our technical infrastructure.
In this role, you will lead improvements to our Continuous Integration/Continuous Delivery infrastructure, monitoring and alerting, log ingestion and analysis, configuration management, and other systems and processes.
This position is open to remote work flexibly within PT to ET time zones, or work in our New York City offices.
Skills and Experience
- 4+ years of experience in a DevOps/SRE/Operations role as part of a team
- Experience building, using and deploying Docker container images as part of a Continuous Delivery or Continuous Deployment solution
- Experience with monitoring, metrics and logging infrastructure (e.g. Icinga/Nagios, Logstash/Kibana, etc.)
- Comfort with configuration management and orchestration tools (e.g. experience with Ansible, Molecule, Terraform is especially helpful)
- Comfort with shell and at least one language used in a DevOps context (e.g. Python, Go, Bash, Ruby, etc.)
- Experience leading complex technical changes from start to completion, including collaboration with other teams, and documentation through architecture diagrams and specifications
Great to have:
- Experience contributing to free/libre and open source software (FLOSS) projects in any capacity
- Knowledge of Kubernetes or other container orchestration solutions
- Experience building packages (Debian, Fedora or other) for software distribution
- Familiarity with security auditing/review,or implementing security controls based on standards and best practices
What you’ll be working on
In this role, you will implement critical changes to our infrastructure and in service of Freedom of the Press Foundation’s mission and programs:
- Continuous delivery for web projects
FPF operates several websites: SecureDrop.org, the US Press Freedom Tracker, Secure the News, and our main freedom.press website.
We are in the middle of transitioning the web deploy infra for these sites from an Ansible->VPS workflow to Continuous Delivery using Kubernetes/GKE. The goal is to empower our web development teams to quickly get changes out to production, potentially targeting Continuous Deployment at a later date.
By the time you join FPF, we’ll have at least one website transitioned to the new CD infrastructure. Our other sites will likely still be using the old workflow. After finishing the switchover of all sites, there are many improvements we’d like to make: per-PR creation of sandbox environments, integrity verification of container images, improved vulnerability scanning, and robust service monitoring and alerting.
As we undertake this work, we want to apply the lessons from others’ experiences with Kubernetes, and look for opportunities to collaborate with the larger open source infrastructure community.
- Infrastructure for SecureDrop
SecureDrop is open source software used by more than 65 media orgs for secure & anonymous communications between journalists and sources.
You will help maintain existing SecureDrop infrastructure, e.g., our Redmine support portal for news organizations, our self-hosted installation of Weblate for localization, build/release infrastructure, monitoring services, and so on. You will also partner with the SecureDrop team on the setup of new services, such as a clearnet demo of the SecureDrop Source Interface.
You will advise the SecureDrop team on infra questions related to the SecureDrop Workstation based on Qubes OS, e.g., the dev and release build infrastructure for Debian and RPM packages, as well as CI and testing improvements. You will have the opportunity to work directly on improvements to the SecureDrop deployment story that make SecureDrop easier to maintain for news organizations that operate it.
For inspiration, check out this PyCon 2019 talk by one of our team members:
Building reproducible Python applications for secured environments.
- Day-to-day infra maintenance
You will also work with the infra team through the tickets of the day: upgrading services and base operating systems, investigating logs, responding to internal requests for infra help, and so on. We use a Kanban style workflow (using GitHub project boards) to keep the daily ticket workload manageable.
Because of the nature of our work, we tend to place higher emphasis on security in all these day-to-day tasks than most orgs. You’ll find us using encryption, hardened kernels, enforced 2FA, and similar security measures in many parts of the infra.
There is no formal on-call rotation, and tech emergencies are thankfully rare. FPF staff are generally quite self-sufficient when it comes to day-to-day IT needs, and our Digital Security Training team provides in-house training for new staff, as well.
Working with us
Freedom of the Press Foundation serves its mission through three key program areas. We create open source technology like SecureDrop, which more than 65 news organizations use to communicate securely with whistleblowers. We provide digital security training to journalists. We monitor and report on press freedom violations in the United States and around the world.
We achieve this with a staff of just 21 people. In this role, you will be working alongside our Site Reliability Engineer, Keturah Dola-Borg, and reporting to our CTO, Conor Schaefer. You will also work on developer environment changes and production deploys with Principal Web Developer Harris Lapiroff, and on security issues with our Security Engineer, Mickael E..
To apply, please send a short cover letter and your resume to <[email protected]> by October 25, 2019. Please include links to your prior technical work where appropriate. Freedom of the Press Foundation is an equal opportunity employer. Non-binary individuals, women, and minorities are strongly encouraged to apply.
The budgeted base salary range for this position is $90,000 to $110,000, but final compensation will depend on the successful candidate’s qualifications and prevailing payscale in their location.
Benefits of the job include a competitive nonprofit salary, trans-inclusive health (United Healthcare Select Plus) and dental insurance, 20 days of personal time off, 13 paid holidays plus the week between Christmas and New Year’s Day, 401(k) program with employer match, and commuter benefits. We are happy to answer any questions about these benefits. We value work-life balance, we try to foster a kind, inclusive and collaborative culture, and we adhere to a Code of Conduct to strengthen and protect that culture. We strive to be disability- and family-friendly, and can work with you on a core/flexible hours workday configuration if necessary, as well as any other accessibility accommodations you may require.