Security Engineer (Cloud & Application Security) – Volunteer

Security Engineer (Cloud & Application Security) – Volunteer

Organization: Mentor A Promise (MAP)

Division: Technology, Data Security & Infrastructure

Location: Remote via Google Meet (NYC-based collaboration as needed)

Type: Volunteer (Unpaid)

About Mentor A Promise

Mentor A Promise (MAP) is a New York City nonprofit dedicated to supporting children and youth ages 5–18 experiencing housing instability. Through mentorship, education, digital platforms, and community-centered innovation, MAP serves students, families, and volunteers across NYC.

As MAP expands its digital ecosystem—including our website, internal platforms, and youth-facing tools—protecting data, systems, and users is mission-critical. Security is not optional when serving vulnerable communities.

Role Overview

We are seeking a Security Engineer (Cloud & Application Security) to lead incident response, secure our application stack, and implement long-term security best practices across MAP’s technology environment.

This role involves both hands-on remediation and strategic improvements across infrastructure, applications, and DevOps workflows. You will work closely with a small engineering and product team to rebuild a secure environment for the Mentor A Promise platform and ensure we are protected going forward.

This role is ideal for a security professional who wants to apply their expertise in a high-impact, mission-driven setting.

Key Responsibilities

• Investigate the recent security incident and provide clear, actionable recommendations.
• Rebuild compromised systems within a clean, secure environment.
• Harden cloud infrastructure, including server configurations, firewalls, IAM, and permissions.
• Secure application code, particularly Next.js applications, API endpoints, and authentication systems.
• Improve Docker and container security, including scanning and isolation.
• Implement automated vulnerability scanning and dependency audits.
• Set up ongoing monitoring, logging, and alerting for suspicious activity.
• Reduce attack surface through best practices such as least privilege, patching, and environment isolation.
• Establish baseline security policies and incident response procedures.
• Provide guidance and documentation for developers on secure coding practices.
• Check and respond to emails daily, with responses within 48 hours.
• Take responsibility for performance improvement by strengthening security posture over time.

Qualifications

Required

• 3+ years of experience in application security or cloud security.
• Strong experience with Node.js and Next.js security best practices.
• Proficiency with AWS cloud environments.
• Hands-on experience with Docker and container security.
• Familiarity with common web security threats (OWASP Top 10, SSRF, RCE, etc.).
• Experience responding to or analyzing security incidents.
• Ability to work independently and communicate clearly with non-technical team members.

Nice to Have (Not Required)

• Experience securing CI/CD pipelines.
• Knowledge of PocketBase or similar lightweight data stores.
• Familiarity with nonprofit or early-stage startup environments.
• Security certifications such as OSCP, CEH, Security+, or GIAC.

Commitment

• Volunteer role, approximately 5–10 hours per week.
• Minimum 3–6 month commitment preferred (flexible depending on incident resolution phase).
• Fully remote via Google Meet, with optional NYC-based collaboration.

What You’ll Gain

• Hands-on leadership experience securing a real-world production environment.
• The opportunity to make a direct, measurable impact protecting youth-serving systems.
• Collaboration with engineers, product leads, and nonprofit leadership.
• A portfolio-worthy security engagement demonstrating incident response and remediation.
• Letters of recommendation and professional references.
• The fulfillment of protecting systems that support vulnerable communities.

Application Process

Please send your resume, LinkedIn profile, and a brief statement of interest to hr@mentorapromise.org with the subject line:

Security Engineer – Cloud & Application Security

You may also apply directly here:

https://forms.gle/ptgy2zBZXJB1q7GV8