jobs

Working with pEp

This is a list of current needs, tasks and job offers. Not everything is listed here, and some things are only mentioned briefly. Please ask if you don’t see yourself / your skills in this list, but still would like to work with us!

See some proper job offers on the page of pep.security.

What’s pEp? Pretty Easy Privacy? Privacy by Default?

  • Everything is free software mostly under some GNU licenses
  • It’s about mass-encryption and mass-anonymization (“for the masses”) and therefore the main goal is to save the world ;)
  • We work in various-offices in mid-Europe and sometimes remotely/distributed
  • Working language English is required, any other languages are helpful (German, Spanish, Catalan, French, etc)

Contact

This page here is work in progress and can not be seen as “official/proper job offers”, but more as an “FYI, this is what we’d need these days”. Thanks!

For initial contact.

  • Group contact: contact (at) pep.foundation (key)
  • Single contact: sva (at) pep.foundation (key) or “sva” on various IRC networks (freenode, oftc, ircnet, hackint,…) and e.g. psyc

Jobs

(Mainly) Coding

sorted by programming languages (more or less)

ObjC & swift

C# and office automation

C++ and WindowsAPI

  • knowledge of winAPI
  • C++ (C and C# would be nice to have, too)
  • this about the outlook-add-in, so knowledge of outlook environment is nice to have

C++ Skills for adapters

  • updating and re-writing the adapters, C++ skills required.
  • People able to code-generate adapters

C, C++, GNU-tools: Port Free software onto a commercial UNIX

  • UNIX ppl that are good in proting software onto another UNIX
  • knowledge of C, C++ & knowing how the GNU-toolchain functions
  • port pEp on Unix USS / zOS
  • someone who knows how to port free software onto another Unix-OS, so that pEp engine and adapter can be built on such Mainframe systems
  • Optional: work on IBM Mainframe platforms, cf. https://dev.pep.foundation/Mainframe
  • that includes to give system lib work upstream, e.g., to GNU projects.
  • Prior banking industry experience preferred

Java

  • at least 3 years of proven Java experience (enterprise)
  • Good familiarity w/ the JEE technology stack (JMS, XML(JAX.*), CDI, IOC, REST, Persistence, Security)
  • At least one scripting language (bash, Python)
  • familiarity with various testing stages (unit, integration, E2E)
  • At least one Java unit testing framework
  • willing to cope with proprietary, hand crafted, GNU make based build systems for C/C++ SW
  • willing to cope with RFCs
  • familiarity with at least one common Java build system (Maven, Ant, Gradle)
  • Issue mgmt and accompanying work-flows
  • basic C/C++ literacy: Must be able to look up error codes in header files
  • Basic understanding of Continuous Integration/Delivery
  • Distributed version control systems and according workflows (e.g. hg, git)
  • Emphasis on portability of SW
  • At least one full virtualization solution (QEMU, KVM, VirtualBox, HyperV,…)
  • Relational databases and SQL
  • Component Lifecycle Mgmt (CLM) systems like e.g. Nexus, Artifactory
  • experience in writing reliable software
  • JDK 8 language features
  • ideally experience with IBM MQ

Rust (sequoia) and/or experience in implementation of cryptography

  • Rust knowledge or willingness to learn
  • experience in implementation of cryptography
  • more: http://sequoia-pgp.org/

C99

  • for the engine
  • lots of experience in C99 - 10+ years

Various Languages

giving pEp to MUAs:

  • mutt (in python)
  • evolution
  • emacs
  • geary
  • your client?

writing new / other adapters (C++ skills required, too):

  • perl adapter fuer pep
  • scheme
  • ruby
  • free desktop adapter
  • your language and/or environment?

(mainly) Other things than coding

System-architects & enterprise architects

System Architect EMail:

  • Significant design/implementation/consulting experience with E-Mail, Anti-Spam, Data Loss Prevention, Archiving and similar on-premise and in the cloud
  • you are responsible to implement pEp eMail encryption at customer / large environments

System Architect Banking:

  • experience with IBM MQ
  • Elaborate best practices on how to integrate pEp in existing environments

IT Service Desk and Support Engineer

testing

  • automatisation

In the future

These are things we don’t need urgent anymore, but most likely again in the future - if you are super keen on pEp and you find yourself only on the list below, do not hesitate to contact us!

Android development 2+ years

  • Kotlin is nice to have, but can be learned/taught

Javascript

  • browser plug-in for OWA outlook web-version
  • browser plug-in for other webmailers
  • Thunderbird extension

IT-Service-Department for pep.security

  • (around 1-2 persons in sum)
  • in luxembourg

Writing Technical Documents

  • IETF internet drafts
  • general tech & user documentation

Writing & Information Management

  • wiki restructuring etc - the usual mess waits for you…
  • experience needed with widely spread open projects

Sales Organisation

  • more to come

Communication

  • more to come

UX & UI Design

  • more to come
  • german language skills required
  • prior experience in a similar role and/or similar organisation is helpful but not a must

External

long- and short-term tasks eg. for contractors

(Security) Code Audits (mainly C++)

Recommendations and offers are very welcome: We’re looking for people and organizations that can do software code audits (ideally focussed on security aspects). Languages mainly C, C++, Rust, but also the app languages like Java, C# etc. Can be split up depending on skills/wishes.

Get more Details on each piece that needs audit here

Single tasks

Some of the mentioned things would also be also possible on a short-term cooperation, e.g. adding pEp via phython adapter to Mutt mailclient or other implementations if MUAs and/or writing adapters.

Some notes and links…

…on pEp’s Tech & Architecture:

  • on the very bottom is the engine (which has e.g. Sequoia underneath)
  • then there are Adapters to include…
  • …apps that come on top

The adapters connect an app with the engine. A simple API allows for easy integration in many languages and development environments. This multi-tier architecture enables developers of add-ons, plug-ins, apps and any other front end solution to have p≡p’s cryptographic functionalities without dealing with the crypto directly; the interfacing adapter does the job. So far there are the following adapters and apps:

The adapters connect an app with the engine. A simple API allows for easy integration in many languages and development environments. This multi-tier architecture enables developers of add-ons, plug-ins, apps and any other front end solution to have p≡p’s cryptographic functionalities without dealing with the crypto directly; the interfacing adapter does the job. So far there are the following adapters and apps:

…on code repositories

There are various places (for various reasons) where we store the code:

…on IETF Internet Drafts (RFCs)

We have various Internet Drafts open for comments, here are all few of them - there you can also get to know about pEp’s concepts in high detail:

Find some more in our repository for the Internet Drafts:

…on the organizational structure

  • there is a foundation that own most of the code (engine and adapter code)
  • there is a company that owns some of the application code and provides services etc.
  • your employment depends on the task you’re looking at :)

There is one main difference between foundation and company:

  • Foundation has to save the world even without gaining money

    • Versus
  • Company has to gain money even without saving the world (but, regarding the contracts between the two the company also has to save the world :D)

…on geographical structure

Offices

Generally most positions are in Barcelona (Dev), Luxembourg (Services) and Nürnberg (Java). As long as you able and willing to travel & your skills match perfectly, we are flexible for other options, too.

There are offices in…

  • Luxemburg (mainly Software Services)
  • Barcelona (mainly Development)
  • Nürnberg (mainly FinpEp Development)
  • Zürich (Development as well as Foundation- and Company-services)
  • Berlin (not an office, some people use “onionspace” there)

Residency

Your residency-status (registered/legal address) defines your employment pattern. Possible is Switzerland, Spain, Luxembourg, Germany, other EU-Countries, as well as USA.

Be aware: If you do not have an EU-/ US-working-permit it will be hard for us to employ you :( But if your skills match just perfect, do not hesitate to contact us, and we’ll see what we can do!

…on working structure

As a distributed team we use online tools like IRC, Bugtrackers (Jira), Pads, Wikis and Filestorages, and so on. Working hours are defined within your team and co-workers and can be adjusted with according flexibility as required.

…more notes on “What’s pEp about?”

p≡p is changing the defaults:

p≡p makes digital privacy easy and empowers users and developers to have privacy running on Open Source software.

Generally, p≡p plans to support multiple platforms (iOS, Android, Linux, BSD, MacOS, Windows), programming environments, crypto technologies, and message transports. p≡p doesn’t aim to replace existing crypto tools per se, but stays compatible with existing standards whilst not forcing anyone into vendor lock-in. By design, p≡p is peer-to-peer, end-to-end encrypted and does not rely on any central infrastructure. Secure synchronization of keys and configuration are in development too.

p≡p’s protocols can be implemented by any communication software. These protocols automate the steps taught to users at Cryptoparties to protect personal security and privacy. Thus, p≡p provides protection on a state-of-the-art encryption level for a substantial portion of today’s communication needs – regardless of the user’s technical know-how. For developers, simple APIs allow easy integration of p≡p’s cryptographic functions: They can add easy-to-use encryption by default to their software with only minor expertise on cryptography and security.

Talks on conferences

Some Quotes that are important to us

Human Rights, Art.12

" No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks. "

Cypherpunk Manifesto (1993):

Privacy Is Not Secrecy.

  • “A private matter is something one doesn’t want the whole world to know, but a secret matter is something one doesn’t want anybody to know. Privacy is the power to selectively reveal oneself to the world.” ()shortened)
  • “We know that someone has to write software to defend privacy, and we’re going to write it.”"