Security Engineer (Cloud & Application Security) – Volunteer

Security Engineer (Cloud & Application Security) – VolunteerOrganization: Mentor A Promise (MAP)Division: Technology, Data Security & InfrastructureLocation:Remote via Google Meet (NYC-based collaboration as needed)Type: Volunteer (Unpaid)About Mentor A PromiseMentor A Promise (MAP) is a New York City nonprofit dedicated to supporting children and youth ages 5–18 experiencing housing instability. Through mentorship, education, digital platforms, and community-centered innovation, MAP serves students, families, and volunteers across NYC.As MAP expands its digital ecosystem—including our website, internal platforms, and youth-facing tools—protecting data, systems, and users is mission-critical. Security is not optional when serving vulnerable communities. Role OverviewWe are seeking a Security Engineer (Cloud & Application Security) to lead incident response, secure our application stack, and implement long-term security best practices across MAP’s technology environment. This role involves both hands-on remediation and strategic improvements across infrastructure, applications, and DevOps workflows.You will work closely with a small engineering and product team to rebuild a secure environment for the Mentor A Promise platform and ensure we are protected going forward. This role is ideal for a security professional who wants to apply their expertise in a high-impact, mission-driven setting. Key Responsibilities• Investigate the recent security incident and provide clear, actionable recommendations. • Rebuild compromised systems within a clean, secure environment. • Harden cloud infrastructure, including server configurations, firewalls, IAM, and permissions.• Secure application code, particularly Next.js applications, API endpoints, and authentication systems. • Improve Docker and container security, including scanning and isolation. • Implement automated vulnerability scanning and dependency audits. • Set up ongoing monitoring, logging, and alerting for suspicious activity. • Reduce attack surface through best practices such as least privilege, patching, and environment isolation. • Establish baseline security policies and incident response procedures. • Provide guidance and documentation for developers on secure coding practices.• Check and respond to emails daily, with responses within 48 hours. • Take responsibility for performance improvement by strengthening security posture over time. QualificationsRequired• 3+ years of experience in application security or cloud security. • Strong experience with Node.js and Next.js security best practices. • Proficiency with AWS cloud environments. • Hands-on experience with Docker and container security. • Familiarity with common web security threats (OWASP Top 10, SSRF, RCE, etc.). • Experience responding to or analyzing security incidents.• Ability to work independently and communicate clearly with non-technical team members. Nice to Have (Not Required)• Experience securing CI/CD pipelines. • Knowledge of PocketBase or similar lightweight data stores. • Familiarity with nonprofit or early-stage startup environments. • Security certifications such as OSCP, CEH, Security+, or GIAC. Commitment• Volunteer role, approximately 5–10 hours per week. • Minimum 3–6 month commitment preferred (flexible depending on incident resolution phase). • Fully remote via Google Meet, with optional NYC-based collaboration.What You’ll Gain• Hands-on leadership experience securing a real-world production environment. • The opportunity to make a direct, measurable impact protecting youth-serving systems. • Collaboration with engineers, product leads, and nonprofit leadership. • A portfolio-worthy security engagement demonstrating incident response and remediation. • Letters of recommendation and professional references. • The fulfillment of protecting systems that support vulnerable communities. Application ProcessPlease send your resume, LinkedIn profile, and a brief statement of interest to [email protected] with the subject line:Security Engineer – Cloud & Application SecurityYou may also apply directly here:Apply tot his job