Security Engineer (Cloud & Application Security) – Volunteer

Security Engineer (Cloud & Application Security) – Volunteer Organization: Mentor A Promise (MAP) Division: Technology, Data Security & Infrastructure Location: Remote via Google Meet (NYC-based collaboration as needed) Type: Volunteer (Unpaid) About Mentor A Promise Mentor A Promise (MAP) is a New York City nonprofit dedicated to supporting children and youth ages 5–18 experiencing housing instability. Through mentorship, education, digital platforms, and community-centered innovation, MAP serves students, families, and volunteers across NYC. As MAP expands its digital ecosystem—including our website, internal platforms, and youth-facing tools—protecting data, systems, and users is mission-critical. Security is not optional when serving vulnerable communities. Role Overview We are seeking a Security Engineer (Cloud & Application Security) to lead incident response, secure our application stack, and implement long-term security best practices across MAP’s technology environment. This role involves both hands-on remediation and strategic improvements across infrastructure, applications, and DevOps workflows. You will work closely with a small engineering and product team to rebuild a secure environment for the Mentor A Promise platform and ensure we are protected going forward. This role is ideal for a security professional who wants to apply their expertise in a high-impact, mission-driven setting. Key Responsibilities • Investigate the recent security incident and provide clear, actionable recommendations. • Rebuild compromised systems within a clean, secure environment. • Harden cloud infrastructure, including server configurations, firewalls, IAM, and permissions. • Secure application code, particularly Next.js applications, API endpoints, and authentication systems. • Improve Docker and container security, including scanning and isolation. • Implement automated vulnerability scanning and dependency audits. • Set up ongoing monitoring, logging, and alerting for suspicious activity. • Reduce attack surface through best practices such as least privilege, patching, and environment isolation. • Establish baseline security policies and incident response procedures. • Provide guidance and documentation for developers on secure coding practices. • Check and respond to emails daily, with responses within 48 hours. • Take responsibility for performance improvement by strengthening security posture over time. Qualifications Required • 3+ years of experience in application security or cloud security. • Strong experience with Node.js and Next.js security best practices. • Proficiency with AWS cloud environments. • Hands-on experience with Docker and container security. • Familiarity with common web security threats (OWASP Top 10, SSRF, RCE, etc.). • Experience responding to or analyzing security incidents. • Ability to work independently and communicate clearly with non-technical team members. Nice to Have (Not Required) • Experience securing CI/CD pipelines. • Knowledge of PocketBase or similar lightweight data stores. • Familiarity with nonprofit or early-stage startup environments. • Security certifications such as OSCP, CEH, Security+, or GIAC. Commitment • Volunteer role, approximately 5–10 hours per week. • Minimum 3–6 month commitment preferred (flexible depending on incident resolution phase). • Fully remote via Google Meet, with optional NYC-based collaboration. What You’ll Gain • Hands-on leadership experience securing a real-world production environment. • The opportunity to make a direct, measurable impact protecting youth-serving systems. • Collaboration with engineers, product leads, and nonprofit leadership. • A portfolio-worthy security engagement demonstrating incident response and remediation. • Letters of recommendation and professional references. • The fulfillment of protecting systems that support vulnerable communities. Application Process Please send your resume, LinkedIn profile, and a brief statement of interest to [email protected] with the subject line: Security Engineer – Cloud & Application Security You may also apply directly here: Apply tot his job