Trestle is seeking Application + IT Security Specialists from all backgrounds and walks of life who have experience and passion for building inclusive, human-centered, accessible and secure digital products, services and organizations that are critical to the success of movement groups, non-profits, progressive candidates and committees.
Experience with both application security and IT security is welcome but not necessary. We are seeking people with experience in either space.
This is a call to join the Trestle Network: a community of technologists who we engage on an ongoing freelance basis to work on some of the most critical technological challenges for the progressive movement this year and beyond.
We seek folks who care deeply about the pressing issues of our day. We strongly encourage BIPOC, people with disabilities, people of diverse sexual orientations, gender expressions and identities to apply.
About the role:
Compensation: $175 per hour or $150 for monthly retainers
Once you’re in the Trestle Network, you’ll be matched with projects based on the needs of the engagement and your availability – this may happen right away, or it may take some time.
Project time commitments are varied: they range from 15 - 40 hours per week.
Projects typically last 1 month, though a handful will be 3+ months long.
Project work will be conducted 100% remotely. Once on a project, you’ll engage regularly with both your partner org and the other technologists in the Network via Slack.
We’ll support you with community, feedback and support of a cohort of peer technologists working across the sector.
We provide the tools and framework for the engagement, you bring your knowledge and willingness to work with partners to make their software better!
What you’ll do:
You’ll collaborate with small teams to help organizing, advocacy and direct service organizations quickly identify and respond to gaps in their existing security practices and technology systems. Activities include:
Interview and embed with team members of high impact social change, political and progressive organizations to understand software architecture, reliability, security gaps of various organizations;
Collaborate with partner orgs and Trestle engineers to assess, analyze and make recommendations to resolve security issues;
Help to implement application security best practices such as DDOS mitigation and caching fine-tuning;
Advise and help implement organizational security practices such as personal security recommendations and systems for document access and permissions.
Application security experience we’re looking for:
Deep knowledge of common OWASP and cloud infrastructure vulnerabilities;
Expertise with AWS, GCP and other cloud infrastructure, securing Kubernetes and databases;
Prior expertise setting up and fine-tuning Web Application Firewalls and CDN providers such as Cloudflare or Fastly.
IT security experience we’re looking for:
Expertise for auditing and administering GSuite and/or Microsoft 365;
Ability to run organizational security trainings and diagnose and/or answer questions from clients;
Able to audit, and set up proper mail settings such as SPF, DKIM and DMarc.
Other things we’re looking for:
A strong commitment to working on teams within a values system that includes diversity, equity, and inclusivity;
Dedication to agile, human-centered, and standard industry best practices for product development;
Great communication skills, including the ability to jump in and communicate with new team members on short timelines. Must be comfortable synthesizing and explaining technology projects in layperson’s terms, both verbally and in writing;
A positive attitude and the ability to work well under pressure. We’re looking for “can do” people who are comfortable working in busy/high-pressure situations.
We are an Equal Opportunity Employer with a strong commitment to diversity of staff and leadership. We are tracking identity in our applications and our hiring processes to ensure we are holding ourselves accountable to our values. The identity question in the application form is completely optional and cannot be used to determine specific hiring decisions.