Security Technical Writer
We are seeking a Security focused Technical Writer to join our team, who will help contribute to the curation of a Security Advisory Database. You will analyze, verify and fully document vulnerability reports, in order to address the problems of vulnerability uniqueness, transparency, and disclosure. The documented vulnerability information shared in the database informs developer and powers many commonly used open source tools.
If you have a solid technical writing foundation and a passion for information security, then this role of securing open source software development might be the perfect opportunity for you.
Note that the initial engagement is a 6-month contract.
You Are a Good Fit If:
- You are passionate about helping your audience through great documentation regardless of experience level.
- You are self motivated, highly organized, and seeking a high performance culture.
- Your decisions are quick, calculated, and based in fact or backed by research.
- You enjoy organizing and searching for information.
- You have the confidence to respond to a problem with “I don’t know, but I will find out!” and the knowledge and research mindset to learn.
- You have worked either within or with engineers in the security/product security space
Responsibilities and Duties – In This Role You Will:
- Ensure the completeness and correctness of the advisory data within the existing database.
- Review, fully document, curate and publish security advisories, including their descriptions, affected product data, severity, and more using our curation tooling.
- Work as part of a remote and geographically diverse team.
Required Qualifications and Skills
- Strong written and verbal communication skills in English and strong technical writing skills.
- Strong understanding of common software vulnerabilities and knowledge of secure code principles, including common versioning schemes.
- Strong understanding of open-source software development and packaged software.
- Familiarity with git and other version control software.
- Be able to provide two technical writing samples with your application. One sample must address software and code. If possible, a writing sample addressing software security and vulnerabilities should also be provided.
Preferred Qualifications
- Experience in the field of information security, system administration, or open-source software maintenance.
- Proficiency in one or more modern programming languages and their associated packaging ecosystems, such as JavaScript/npm, Java/Maven, Python/PyPI.
- Familiarity with vulnerability analysis, vulnerability trends, and using common vulnerability metrics (CVSS, CWE).
- Familiarity with evaluating the risk, impact, and severity of a vulnerability.
- Experience performing code reviews.
- Previous experience using open-source software and a strong interest in open-source security.
- Previous experience in the software security domain is a big plus, though other relevant experience will be considered as well.
- Ability to work in a team, empathy for others when they need help, and accountability when they rely on you.