Senior Software Engineer (Security & Privacy)

Timezone preference: GMT-5 through GMT+1

Senior Software Engineer (Privacy)

Summary

The Wikimedia Foundation is seeking a Senior Software Engineer to join our Product Safety and Integrity team. In this hands-on engineering role, you will develop new security features to protect Wikipedia and other Wikimedia projects. You will collaborate with engineers and product managers to design and implement robust solutions that safeguard users and ensure the platform's resilience against attacks.

We are looking for a seasoned software engineer with proven experience building security features within large-scale systems. You possess a strong understanding of testing, documentation, and common pitfalls in developing secure web applications. A passion for the Wikimedia Foundation's mission is essential, as our work is highly transparent and impacts thousands of editors daily.

You will primarily work on the MediaWiki platform, which powers Wikipedia. As a top 10 website, we must meet stringent performance standards while addressing evolving security challenges. This includes supporting modern authentication technologies, detecting and preventing platform abuse from bots, and enhancing our security architecture to defend against emerging threats.

You are responsible for:

• Designing, developing, and delivering security features with a focus on safety and privacy.
• Collaborating with other engineering teams to ensure secure and compliant architectural and implementation choices.
• Leading by example in code review, decision-making, and fostering a team culture of transparency, empathy, and collaboration.
• Developing, reviewing, and deploying security features created by the Foundation and community members.
• Conducting internal and external security and privacy reviews.
• Performing maintenance and addressing technical debt in security and privacy-critical components.
• Providing support for application security and privacy incidents and operations.

Skills and Experience:

We prioritize mindset and potential over a rigid checklist of experiences. The following traits are key to success in our team:

• 5+ years of experience as a software engineer, ideally with a focus on security or privacy engineering.
• Ability to work effectively in a modern web application environment (primarily PHP and JavaScript).
• Deep PHP experience is not strictly required; sufficient experience in engineering and backend web development to quickly learn and contribute effectively is valued.
• Driving technical quality and operational excellence by defining and reinforcing standards in testing, observability, and system reliability.
• Comfortably and autonomously creating proofs of concept, writing design documents, and breaking down complex projects into actionable tasks to support less experienced team members.
• Experience in developing secure software or security and privacy-related product features.
• A strong interest in collaborating with a talented security team and developing specialist security skills, such as exploiting and mitigating application-level vulnerabilities.
• Ability to explain complex security issues and their implications on privacy and risk to non-technical audiences.
• Sensitivity to the security and privacy challenges faced by participants in a large, international project.
• Experience working effectively in a remote, distributed team environment.

Additionally, we'd love it if you have:

• Experience working on anti-abuse mechanisms, such as detecting bots or coordinated activity.
• Previous experience building security countermeasures against attacks at the web, backend, and database levels.
• Experience finding and fixing security bugs and conducting code reviews for security gaps.
• A working knowledge of threat modeling, secure design patterns, and privacy by design principles.
• Prior experience with MediaWiki or other Wikimedia projects.
• Contributions to open-source software.

About the Wikimedia Foundation:

The Wikimedia Foundation is the nonprofit organization that operates Wikipedia and its sister free knowledge projects. Our vision is a world where every human can freely share in the sum of all knowledge. We believe in everyone's potential to contribute to shared knowledge and the universal right to access it freely. We host Wikipedia, develop software for reading, contributing, and sharing Wikimedia content, support our volunteer communities and partners, and advocate for policies that enable free knowledge to flourish.

As a charitable, not-for-profit organization, the Wikimedia Foundation relies on donations from millions of individuals globally, alongside institutional grants. We are a United States 510(c)(3) tax-exempt organization with offices in San Francisco, California, USA.

The Wikimedia Foundation is an equal opportunity employer committed to fostering a diverse, inclusive, and equitable workplace. We encourage applications from individuals with a wide range of backgrounds and do not discriminate based on race, religion, color, national origin, sex, pregnancy, sexual orientation, gender identity, age, veteran status, disability, genetic information, or any other legally protected characteristic.

We are a remote-first organization with staff and contractors in over 40 countries. Salaries are competitive, equitable, and consistent with our values. The anticipated annual pay range for US-based applicants is US$113,082 to US$175,725, with individualized factors like cost of living determining the final offer. For applicants outside the US, the pay range will be adjusted to the country of hire. We do not consider salary history. Compensation is based on skills, experience, and location.

We are currently able to hire in the following:

• US States: Arizona, California, Colorado, Connecticut, District of Columbia*, Florida, Georgia, Idaho, Illinois, Indiana, Iowa, Maryland, Massachusetts, Michigan, Minnesota, Missouri, New Jersey, New Mexico, New York, North Carolina, Ohio, Oklahoma, Oregon, Pennsylvania, Puerto Rico*, Rhode Island, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin, and Wyoming (*US Territory or Federal District)
• Countries: Brazil, Canada, Colombia, France, Germany, Ghana, India, Indonesia, Italy, Kenya*, Mexico, Morocco, Netherlands, Poland, Singapore*, South Africa, Spain, Switzerland, and the United Kingdom. Non-US employees are hired through a local third-party Employer of Record (EOR) and must have current work authorization in their location. (*citizens/permanent residents only)

This list is periodically reviewed to align with our hiring requirements.

Applicants can contact their recruiter for specific pay range information for their location during the interview process.

If you require assistance or accommodation to complete any step of the application process due to a disability, please contact us at [email protected] or +1 (415) 839-6885.

More Information:

• U.S. Benefits & Perks
• Applicant Privacy Policy
• Wikimedia Foundation
• What does the Wikimedia Foundation do?
• What makes Wikipedia different from social media platforms?
• Our Projects
• Our Tech Stack
• News from across the Wikimedia movement
• Wikimedia Blog
• Wikimedia 2030