Security Engineer (Cloud & Application Security) – Volunteer

Security Engineer (Cloud & Application Security) – Volunteer

Organization: Mentor A Promise (MAP)

Division: Technology, Data Security & Infrastructure

Location: Remote via Google Meet (NYC-based collaboration as needed)

Type: Volunteer (Unpaid)

About Mentor A Promise

Mentor A Promise (MAP) is a New York City nonprofit dedicated to supporting children and youth ages 5–18 experiencing housing instability. Through mentorship, education, digital platforms, and community-centered innovation, MAP serves students, families, and volunteers across NYC.

As MAP expands its digital ecosystem—including our website, internal platforms, and youth-facing tools—protecting data, systems, and users is mission-critical. Security is not optional when serving vulnerable communities.

Role Overview

We are seeking a Security Engineer (Cloud & Application Security) to lead incident response, secure our application stack, and implement long-term security best practices across MAP’s technology environment.

This role involves both hands-on remediation and strategic improvements across infrastructure, applications, and DevOps workflows. You will work closely with a small engineering and product team to rebuild a secure environment for the Mentor A Promise platform and ensure we are protected going forward.

This role is ideal for a security professional who wants to apply their expertise in a high-impact, mission-driven setting.

Key Responsibilities

• Investigate the recent security incident and provide clear, actionable recommendations.
• Rebuild compromised systems within a clean, secure environment.
• Harden cloud infrastructure, including server configurations, firewalls, IAM, and permissions.
• Secure application code, particularly Next.js applications, API endpoints, and authentication systems.
• Improve Docker and container security, including scanning and isolation.
• Implement automated vulnerability scanning and dependency audits.
• Set up ongoing monitoring, logging, and alerting for suspicious activity.
• Reduce attack surface through best practices such as least privilege, patching, and environment isolation.
• Establish baseline security policies and incident response procedures.
• Provide guidance and documentation for developers on secure coding practices.
• Check and respond to emails daily, with responses within 48 hours.
• Take responsibility for performance improvement by strengthening security posture over time.

Qualifications

Required

• 3+ years of experience in application security or cloud security.
• Strong experience with Node.js and Next.js security best practices.
• Proficiency with AWS cloud environments.
• Hands-on experience with Docker and container security.
• Familiarity with common web security threats (OWASP Top 10, SSRF, RCE, etc.).
• Experience responding to or analyzing security incidents.
• Ability to work independently and communicate clearly with non-technical team members.

Nice to Have (Not Required)

• Experience securing CI/CD pipelines.
• Knowledge of PocketBase or similar lightweight data stores.
• Familiarity with nonprofit or early-stage startup environments.
• Security certifications such as OSCP, CEH, Security+, or GIAC.

Commitment

• Volunteer role, approximately 5–10 hours per week.
• Minimum 3–6 month commitment preferred (flexible depending on incident resolution phase).
• Fully remote via Google Meet, with optional NYC-based collaboration.

What You’ll Gain

• Hands-on leadership experience securing a real-world production environment.
• The opportunity to make a direct, measurable impact protecting youth-serving systems.
• Collaboration with engineers, product leads, and nonprofit leadership.
• A portfolio-worthy security engagement demonstrating incident response and remediation.
• Letters of recommendation and professional references.
• The fulfillment of protecting systems that support vulnerable communities.

Application Process

Interested candidates should apply directly through Idealist.

For any additional questions or concerns, please email us directly at hr@mentorapromise.org

Thank you for your interest in volunteering with our organization. At this time, our volunteer opportunities are limited to individuals who are based in the United States. This limitation is due to legal, safeguarding, data-privacy, and programmatic requirements associated with our work. We appreciate your interest in our mission and your understanding of these constraints.