Security Engineer

Company Description

DHIS2 is a configurable platform for data collection and analysis -- free and open source self-hosted software and a proud Digital Public Good.  Today it is used in more than 100 countries.  This includes use by more than 70 national ministries of health where it serves as the backbone for country health information systems.  It has been estimated that 2.4 billion people (30% of the world’s population) live in countries where DHIS2 is deployed.

We are a well-funded not-for-profit project located at the HISP Centre at the University of Oslo (UiO), where we operate as an independent software development organization.  We work with and are supported by many global development organizations and are a World Health Organization collaborating center.  DHIS2 is used every day around the world to manage routine health service delivery, COVID-19 surveillance and vaccination, Malaria elimination campaigns, HIV/AIDS prevention and treatment, Tuberculosis programs, maternal and child health, national education systems, health supply chain logistics, climate impacts on human health, and much more.

With us you get a chance to work on problems which really matter: Improving the health and well-being of people around the world through access and use of information. We give you a lot of flexibility and freedom to make a difference while solving interesting technical challenges. At DHIS2 we believe you will do your best work if you fully understand the context in which the system operates, so you are encouraged to engage directly with our projects, take part in the design process, and get feedback from users in the field.

Job Description

DHIS2 is hiring a Security Engineer who will join our security team to support our secure software development lifecycle. It is a full-time, remote position.

What You’ll Do:

• Perform security reviews of change requests and new DHIS2 features
• Validate vulnerability reports and advise on mitigation solutions
• Build automation and frameworks to produce more secure code
• Provide guidance and education to developers
• Develop security documentation and training materials

Qualifications

• Passionate about product security
• Previous working experience as a security engineer for 3+ years
• Active contributor to the security community (public speaking, research, blogging)
• Fluent in English to a professional level (written and oral)
• Knowledge of French or Spanish will be considered an advantage
• Knowledge of the DHIS2 technology stack will be considered an advantage
• Willing to travel occasionally to support our implementors on security matters or participate in community events

Additional Information

What we offer:

• A full-time position on a 1-year renewable contract.
• A job with social impact!
• 25 working days of vacation in addition to 8 national public holidays
• Attractive salary

What to submit

• LinkedIn/Personal site URL (CV also accepted)
• Portfolio of work: URLs, GitHub or personal repository

PLEASE READ!  Important instructions to ensure your application is considered

We value, above all else, applicants who are passionate about making a positive difference in the world.   Please write at least 3 sentences in the “Message to Hiring Manager” portion of your application telling us why you are specifically interested in working with DHIS2.  It doesn't have to be a lengthy cover letter, we just want to know that you have at least reviewed our website (dhis2.org) and want to join us in our mission.

Diversity and Inclusion

The people designing and building DHIS2 should reflect the people of every imaginable background, identity, gender, religion, ability, and nationality in more than 100 countries and on 6 continents worldwide who rely on it.  We have published a diversity pledge where you can learn more about our commitment to continually improve the diversity of our teams and to combat unjust disadvantages prevalent throughout the technology industry.

We encourage people from diverse backgrounds to apply for our roles.  This includes women, non-binary people, ethnic minorities, people with disabilities, LGBTQ+ people, people from the Global South, and anyone else who identifies with a group that remains underrepresented in tech and engineering.  Please reach out if you have doubts about your suitability for a role, and let us know if you require any reasonable adjustments during any part of the application process.

Learn more at https://dhis2.org/careers/software/diversity

Location and Time Zones

You can work remotely from any country in the world or from our office in Oslo, Norway. If working remotely, we strongly prefer candidates who can have at least 4 hours of overlap with Central European Time Zone working hours.  If you are located more than 2 time zones away from Europe, please indicate in your application how you will accommodate this difference.  If you are located many timezones away and do not including any additional information in your application it may be automatically rejected.

Remote Work and Travel

We are a remote-first global team but we recognize the importance of meeting and collaborating with colleagues in person.  You will have the opportunity to travel 1-3 times per year to meet with other members or your team.  We host one annual all-hands meeting with the entire global software team, and each product team may also meet to collaborate or see DHIS2 use in the field.  There may be additional opportunities to travel for conferences or to help facilitate academies.  All travel expenses are fully covered.

We recognize that travel has an environmental impact, and so we work to limit travel to only what is essential and to mitigate or offset the impact of necessary travel we fund.  We encourage the use of trains and other low-carbon transportation whenever this is a reasonable option.

Contract details

This is a full-time position (80% possible) on an annual renewable contract. We are focused on building long-term contractor relationships. We support flexible work arrangements with generous holiday allowances, and we offer the option to renew for longer contract periods over time.

I'm interested I'm interested