Web security task force contractors for AI safety announcements

Survival and Flourishing .Com is looking for white-hat hackers and security professionals who can join our task force of “on call” professionals for a week or so, once or twice per year, to bolster the web security posture around public AI safety announcements from non-profits in our network.

Hours & Compensation: $100-$200/hr depending on experience, for announcement projects spanning 1-3 weeks of work at a time. 

(We would give you around ~1 month of notice for each announcement project before it arises, so you have some advance notice to either decline the project or set aside time and availability to work on it.)

Application here.

If you’re interested but unsure about your availability, please apply anyway, since we hope to have a surplus of contractors ready to go in case of urgent needs.  As noted, we expect to give around one month of notice for each task force project before it begins.  For each project, we expect only a fraction of our task force will turn out to be available, such as by taking vacation or unpaid leave from other jobs (or somehow find a considerable amount of spare time).

Why this position exists:

Public-facing AI safety announcements sometimes attract the attention of malicious actors who attack website security vulnerabilities in order to delegitimize concerns. Having seen this pattern before, we want to retain a task force of contractors who can jump in and save the day during the critical time window for important announcements.

We’ll usually have around a month of lead time to predict when an announcement will occur and when we’ll need help, but the nature of the security vulnerabilities are harder to predict.  So, we need responders with fairly general knowledge of computer security to stand ready to help out during important announcements.

Qualifications

• Numeracy adequate for understanding system demands and scalability issues
• Experience or clear skill with at least one of the following:
  • White-hat hacking
  • Full-stack web development in Typescript
  • Building and maintaining web applications for large-scale use, including the management of user accounts (e.g., Google auth) and private data
• Reliable communication with project managers about site issues, patches, implementation tradeoffs, and the impact of design decisions.
   

Duties of position

This is not a full time time job!   We would ask you to be “on call” for a week or so, once or twice per year, and you’d be free to decline particular projects when you’re unable to find time in your schedule.  When you accept the call, your tasks might include any of the following:

• Searching for vulnerabilities in interactive websites hosting AI safety content, including user interactions like commenting or upvoting;
• Trying to privately “game systems” that users interact with, such as artificially inflating vote counts on content, or gaining unauthorized access to user accounts.
• Helping to patch site vulnerabilities discovered by yourself or others.

For this work, you would be reporting to Ethan Ashkie and/or Joel Burget at SFC, depending on the task. 

Organizational culture

SFC is a lightweight organization with around 5 employees, mostly remote, focused on tech and philanthropy.  We sometimes meet in-person in the Bay Area for hack-a-thons and team sprints. Collaborators will include developers from a mix of other institutions with technical challenges pertaining to AI safety communications.

Work authorization

We are not seeking visas for this role; you are required to have work authorization for whatever country you are working from.

Application

Apply here.