Security Engineer (Cloud & Application Security) - Volunteer Job at Mentor A Promise, New York, NY

Y1M4eFBzd1I1bzU0OVpGdDVNd0JhcFpSRGc9PQ==
  • Mentor A Promise
  • New York, NY

Job Description

None,

Security Engineer (Cloud & Application Security) – Volunteer

Organization Mentor A Promise (MAP)

Division Technology, Data Security & Infrastructure

Location Remote via Google Meet (NYC-based collaboration as needed)

Type Volunteer (Unpaid)

About Mentor A Promise

Mentor A Promise (MAP) is a New York City nonprofit dedicated to supporting children and youth ages 5–18 experiencing housing instability. Through mentorship, education, digital platforms, and community-centered innovation, MAP serves students, families, and volunteers across NYC.

As MAP expands its digital ecosystem—including our website, internal platforms, and youth-facing tools—protecting data, systems, and users is mission-critical. Security is not optional when serving vulnerable communities.

Role Overview

We are seeking a Security Engineer (Cloud & Application Security) to lead incident response, secure our application stack, and implement long-term security best practices across MAP’s technology environment.

This role involves both hands-on remediation and strategic improvements across infrastructure, applications, and DevOps workflows. You will work closely with a small engineering and product team to rebuild a secure environment for the Mentor A Promise platform and ensure we are protected going forward.

This role is ideal for a security professional who wants to apply their expertise in a high-impact, mission-driven setting.

Key Responsibilities

  • Investigate the recent security incident and provide clear, actionable recommendations.
  • Rebuild compromised systems within a clean, secure environment.
  • Harden cloud infrastructure, including server configurations, firewalls, IAM, and permissions.
  • Secure application code, particularly Next.js applications, API endpoints, and authentication systems.
  • Improve Docker and container security, including scanning and isolation.
  • Implement automated vulnerability scanning and dependency audits.
  • Set up ongoing monitoring, logging, and alerting for suspicious activity.
  • Reduce attack surface through best practices such as least privilege, patching, and environment isolation.
  • Establish baseline security policies and incident response procedures.
  • Provide guidance and documentation for developers on secure coding practices.
  • Check and respond to emails daily, with responses within 48 hours.
  • Take responsibility for performance improvement by strengthening security posture over time.

Qualifications

Required

  • 3+ years of experience in application security or cloud security.
  • Strong experience with Node.js and Next.js security best practices.
  • Proficiency with AWS cloud environments.
  • Hands-on experience with Docker and container security.
  • Familiarity with common web security threats (OWASP Top 10, SSRF, RCE, etc.).
  • Experience responding to or analyzing security incidents.
  • Ability to work independently and communicate clearly with non-technical team members.

Nice To Have (Not Required)

  • Experience securing CI/CD pipelines.
  • Knowledge of PocketBase or similar lightweight data stores.
  • Familiarity with nonprofit or early-stage startup environments.
  • Security certifications such as OSCP, CEH, Security+, or GIAC.

Commitment

  • Volunteer role, approximately 5–10 hours per week.
  • Minimum 3–6 month commitment preferred (flexible depending on incident resolution phase).
  • Fully remote via Google Meet, with optional NYC-based collaboration.

What You’ll Gain

  • Hands-on leadership experience securing a real-world production environment.
  • The opportunity to make a direct, measurable impact protecting youth-serving systems.
  • Collaboration with engineers, product leads, and nonprofit leadership.
  • A portfolio-worthy security engagement demonstrating incident response and remediation.
  • Letters of recommendation and professional references.
  • The fulfillment of protecting systems that support vulnerable communities.

Application Process

Please send your resume, LinkedIn profile, and a brief statement of interest to hr@mentorapromise.org with the subject line

Security Engineer – Cloud & Application Security

You may also apply directly here

//forms.gle/ptgy2zBZXJB1q7GV8

Job Tags

Remote work, 10 hours per week, Flexible hours,

Similar Jobs

Broad River Rehabilitation

Physical Therapist / PT / PRN Job at Broad River Rehabilitation

Physical Therapist / RPT / PT / PRN - DYER, TN / Tennessee CONSISTENT PRN WEEKLY NEED TO COVER A MATERNITY LEAVE BETWEEN JULY AND OCTOBER 2025 OFFERING PREMIUM RATE -- $65/HR! MUST OFFER CONSISTENTLY WEEKLY COVERAGE 5-10 HOURS EACH WEEK TO BE ELIGIBLE FOR PREMIUM...

Silver Star Construction

Heavy Equipment Operator Job at Silver Star Construction

 ...Innovative company? If this is you, then please consider Silver Star Construction as the right company for you! Heavy Equipment Operator 2401...  ...temperatures, both hot and cold. Must be able to work nights and weekends when necessary. Must be able to work overtime... 

Prospect Equities

Bilingual Social Media Content Creator Intern Job at Prospect Equities

 ...are seeking a highly motivated and detail-oriented Bilingual Social Media Content Creator/Brand Management Intern (Mandarin/English)...  ...to support brand development, communications strategies, and marketing initiatives. You will be an integral part of the Marketing Department... 

The City-County of Butte-Silver Bow

Computer Systems Support Specialist Job at The City-County of Butte-Silver Bow

 ...community connected and moving forward, apply today. As a Computer Systems Support Specialist, youll play a vital role in supporting the technology...  ...every corner of the City-County. From ensuring reliable network connections to supporting desktops, laptops, tablets, printers... 

INVI Inc.

Entry-Level Business Development Executive - Paid Training & Career Growth Job at INVI Inc.

 ...are seeking motivated, self-driven individuals to join our Entry-Level Business Development Program . This role is ideal for...  ...anyone eager to gain hands-on experience in marketing, client management, and team leadership. No prior experience required we provide...