Totem is an online learning service focused on digital security training for activists and journalists. Totem aims for optimal security of the platform to protect its users and partners. For that reason, we are looking for a security auditor who can make sure our server has been set up securely, and that no information leaks out of the Open edX platform.
Launched in 2016 by Free Press Unlimited and Greenhost, it currently has more than 30 courses in five languages. Totem uses a MOOC platform called Open edX which is set up as a combination of Docker containers, orchestrated with Tutor. In addition to the platform, Totem has a number of interactive learning elements that can be integrated into courses, and a website that uses the Open edX API.
We are looking for a security expert that can:
- assess the security of the configuration of our current system and the tool we use to configure it, and find where we can improve
- assess the security of the website
- assess the security of interactive course components
- investigate data collection in logs, databases, etc. to make sure we do not keep more personally identifiable information than what the user enters in our forms
- communicate well about the findings
The deliverable we expect is a full report that describes weaknesses in the security and explains how we can solve them. We are looking for a security auditor that communicates with the team and likes to share their knowledge so the team can improve their practices.
If you are interested, please send your expression of interest to info@totem-project.org. The expression of interest should include a reason why you believe you’re the right partner for us; examples of relevant previous work; and a rough budget (or a list of questions you’d like us to answer before you can provide us with a quote). This is an open call without a deadline.