Senior Infrastructure Engineer

**Position Description**
Freedom of the Press Foundation (FPF), a New York-based nonprofit organization dedicated to protecting and defending press freedom, is looking for a senior infrastructure engineer to help us maintain and improve our technical infrastructure. Reporting to the engineering manager, infrastructure, this role will primarily work on internal systems and services to improve the efficiency and security of our application development workflows. Our selected candidate will also support teams outside of Engineering, such as Editorial and Advocacy, to evaluate and integrate new technologies as part of strategic initiatives at FPF.
**About the team**
The Infrastructure team is a six-person team (four full-time, two part-time) within the Engineering department. Our core responsibilities include:

• Administering and maintaining internal services and systems (FPF is made up of 35-plus full-time employees, as well as another 15-plus part-time contractors, with roughly half of employees working from our New York City office and the rest working remotely).
• Overseeing continuous delivery for our public websites (like Freedom.Press and PressFreedomTracker.US).
• Managing container-based CI/CD systems for engineering projects (like SecureDrop, Dangerzone, and WEBCAT).
• Handling intrusion monitoring and detection, incident response, and internal audits.

Responsibilities

• Integrating automation tools, such as static code analyzers and vulnerability checkers, to identify and mitigate security issues within our Infrastructure as Code codebase.
• Responding to access requests, credential management, and other operational needs that arise from owning the organization's infrastructure; assisting with identity and access life cycle for staff, including onboarding and offboarding.
• Assisting in the management of on-site equipment and networking.
• Working with other engineering teams to identify operational bottlenecks and design solutions to improve the developer experience in the organization.
• Monitoring systems performance and security, identifying incidents, assessing severity level, responding using our incident response protocol, and customizing monitoring and alerting tools as needed to provide continued and sustainable coverage across the team.
• Analyzing logs and debugging errors across the web application stack.
• Creating technical specifications and building consensus through clear verbal and written communication.
• Performing incident response, alert triage, and audits as part of a teamwide rotation.
• Other responsibilities as assigned by the engineering manager, infrastructure.

Qualifications
**Required**

• Five-plus years of full-time experience in a senior DevOps/SRE/operations role, or equivalent senior-level experience.
• A background working effectively within small or midsize organizations and cross-functional infrastructure teams.
• Two-plus years of experience leading complex cross-team technical changes from conception to completion, including documentation through architecture diagrams and specifications.
• Professional experience automating development workflows using continuous integration and deployment systems; familiarity with GitHub actions or similar.
• Professional experience using automation tools (e.g., Ansible, Molecule, Terraform/OpenTofu) for configuration management, and implementing security controls based on standards and best practices.
• Professional experience using modern packaging and dependency management tools (e.g., Poetry, uv).
• Professional experience alerting, monitoring, and logging infrastructure (e.g., Icinga/Nagios, Logstash/Kibana).
• Professional experience building and deploying highly available workloads and services using Kubernetes or other container orchestration systems.
• Professional experience working within a Unix shell and writing code in at least one DevOps language (e.g., Python, Ruby, Bash).
• Professional experience in vulnerability management and incident response.

Preferred

• Familiarity with Qubes, Tails, Tor, and other privacy/security technologies.
• Experience using SIEM, OSSEC, and/or other intrusion detection/security compliance tools.
• Experience using YubiKeys/Nitrokeys and/or related MFA/smart card technology.
• Experience using encryption tooling for secret management.
• Experience completing threat modeling.

**Working with us**
This is a full-time role with a competitive nonprofit salary in the range of $130,000-145,000, depending on experience. This position will preferably be based in FPF’s Brooklyn headquarters; however, strong U.S.-based remote candidates will also be considered. For more information on our full benefits package, please visit our website’s careers page.
FPF does not discriminate on the basis of an individual’s sex, age, race, color, creed, national origin, alienage, religion, marital status, pregnancy, sexual or reproductive health decisions, sexual orientation or affectional preference, gender identity and expression, disability, genetic trait or predisposition, carrier status, citizenship, veteran or military status, and other personal characteristics protected by law.
**How to apply**
If you think you’d like to be a part of our team, please submit your résumé and a cover letter (no longer than 1½ pages). Applications will be considered on a rolling basis, and we reserve the right to close this process early due to high applicant volume.
After an initial application review, FPF’s hiring process involves a phone screen with HR, an interview with the hiring manager, and an at-home skills assessment. For candidates moving to the final stages, a department-wide panel and a final meeting with our executive director and chief technology officer will follow.