Tim Pastoor ✅ is a user on maly.io. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

Experienced in #InfoSec? Want to help journalists stay safe and change the world? OCCRP is hiring a Security Analyst:
occrp.org/en/occrp-jobs/securi

This can be a remote position, but relocation to beautiful Sarajevo is welcome. Don't let the requirement list put you off, apply even if you feel you might not fully meet all them.

You'll be working in a global team of techies, using FLOSS technologies, keeping data and people safe and secure in the changing digital landscape.

Tell your friends, too!

A message from our Tech Team:

Many of #InfoSec folk here on #Fediverse have boosted and favourited our toot about Security Analyst position we have open -- thank you!

And yet we have not received a lot of applications so far.

Don't be shy. Don't let the Impostor Syndrome get to you. You don't need a diploma or dozens of certificates to apply. You won't be wasting our time.

We're hackers like you. We need you.
occrp.org/en/occrp-jobs/securi

Tim Pastoor ✅ @tim
Follow

@OCCRP I wish you the best candidates!

Side note: Just me or are job vacancies for these positions great material for any intruder doing his/her homework?

· Web · 0 · 0

@tim @OCCRP it's a trade-off. Either we publish some bit of information that might be helpful for a potential attacker, but will allow us to get candidates that fit us better; or we don't.

We try to tread this line carefully, and we try to have our systems set up in a way that the information we publish will not make us unsafe.

Information we published in that job description is reasonably expected to have already been available to a well-prepared attacker from other sources anyway.

@rysiek @OCCRP Thanks for elaborating. I wouldn't have a better answer myself. It was just one of the things that came to mind, and always comes to mind for me with such vacancies. The paranoia is there, but I lack some skills, otherwise I would've surely loved to help your organization become more secure. Keep up the good work!

@tim @OCCRP thanks. Appreciate your responsible disclosure! :)

I'd be happy to have a look at your resume anyway, the requirements we listed are pretty heavy, not checking all of the boxes is fine.

@rysiek @OCCRP Thank you. I surely appreciate that. However, four years ago I quit the day-job to work as an independent researcher (on P2P identity & reputation systems), and things are finally coming along.

Is the job remote? I might know one or two people who I could poke.