Security Engineer (Cloud & Application Security) – Volunteer
Security Engineer (Cloud & Application Security) – Volunteer Organization: Mentor A Promise (MAP) Division: Technology, Data Security & Infrastructure Location: Remote via Google Meet (NYC-based collaboration as needed) Type: Volunteer (Unpaid) About Mentor A Promise Mentor A Promise (MAP) is a New York City nonprofit dedicated to supporting children and youth ages 5–18 experiencing housing instability. Through mentorship, education, digital platforms, and community-centered innovation, MAP serves students, families, and volunteers across NYC. As MAP expands its digital ecosystem—including our website, internal platforms, and youth-facing tools—protecting data, systems, and users is mission-critical. Security is not optional when serving vulnerable communities. Role Overview We are seeking a Security Engineer (Cloud & Application Security) to lead incident response, secure our application stack, and implement long-term security best practices across MAP’s technology environment. This role involves both hands-on remediation and strategic improvements across infrastructure, applications, and DevOps workflows. You will work closely with a small engineering and product team to rebuild a secure environment for the Mentor A Promise platform and ensure we are protected going forward. This role is ideal for a security professional who wants to apply their expertise in a high-impact, mission-driven setting.
Key Responsibilities
- Investigate the recent security incident and provide clear, actionable recommendations.
- Rebuild compromised systems within a clean, secure environment.
- Harden cloud infrastructure, including server configurations, firewalls, IAM, and permissions.
- Secure application code, particularly Next.js applications, API endpoints, and authentication systems.
- Improve Docker and container security, including scanning and isolation.
- Implement automated vulnerability scanning and dependency audits.
- Set up ongoing monitoring, logging, and alerting for suspicious activity.
- Reduce attack surface through best practices such as least privilege, patching, and environment isolation.
- Establish baseline security policies and incident response procedures.
- Provide guidance and documentation for developers on secure coding practices.
- Check and respond to emails daily, with responses within 48 hours.
- Take responsibility for performance improvement by strengthening security posture over time.
Qualifications
Required
- 3+ years of experience in application security or cloud security.
- Strong experience with Node.js and Next.js security best practices.
- Proficiency with AWS cloud environments.
- Hands-on experience with Docker and container security.
- Familiarity with common web security threats (OWASP Top 10, SSRF, RCE, etc.).
- Experience responding to or analyzing security incidents.
- Ability to work independently and communicate clearly with non-technical team members.
Nice to Have (Not Required)
- Experience securing CI/CD pipelines.
- Knowledge of PocketBase or similar lightweight data stores.
- Familiarity with nonprofit or early-stage startup environments.
- Security certifications such as OSCP, CEH, Security+, or GIAC.
Commitment
- Volunteer role, approximately 5–10 hours per week.
- Minimum 3–6 month commitment preferred (flexible depending on incident resolution phase).
- Fully remote via Google Meet, with optional NYC-based collaboration.
What You’ll Gain
- Hands-on leadership experience securing a real-world production environment.
- The opportunity to make a direct, measurable impact protecting youth-serving systems.
- Collaboration with engineers, product leads, and nonprofit leadership.
- A portfolio-worthy security engagement demonstrating incident response and remediation.
- Letters of recommendation and professional references.
- The fulfillment of protecting systems that support vulnerable communities.
Application Process Please send your resume, LinkedIn profile, and a brief statement of interest to [email protected] with the subject line: Security Engineer – Cloud & Application Security You may also apply directly here: https://forms.gle/ptgy2zBZXJB1q7GV8 Apply tot his job Apply To this Job