
pyup.io: Python Vulnerability Severity Assessor

pyup.io

This is a Contract position in Montreal, QC posted June 7, 2021.

PyUp is an open source security tool to scan Python dependencies for known vulnerabilities, backed by a database of 307,000 dependencies.

We are looking for a Python security expert who can assess the severity of the non-CVE vulnerabilities that we discover.

Responsibilities

We’ll need you to investigate security concerns reported by the maintainers of Python libraries to rate their threat in terms of the attack vector, attack complexity, privileges required, scope, and several other such metric values (similar to a CVSS rating).

We’ll need your broad knowledge of Python to quickly grasp the context of a vulnerability.

We’ll need you to write succinct advisories to substantiate your findings.

We’ll need your resourcefulness to evaluate poorly documented vulnerabilities. This may include reaching out to maintainers and the community for details and clarifications.

We’ll need your responsiveness, your ability to communicate clearly, and occasional availability during the business hours in the Pacific time zone for company meetings.

Qualifications

You are an experienced developer who’s had exposure to a range of Python projects.

You are familiar with popular Python packages, the PyPI ecosystem, and are staying up-to-date with Python-related security news.

Ideally, you have experience researching vulnerabilities and discussing them with the community and teams around you.

You are a professional. People appreciate your dutiful follow-up and follow-through.

You have a growth mindset and are continually educating yourself.

How to Apply

Send us your résumé and a cover letter, and fill out https://forms.gle/2FeUbvNnymEBASpi9 to submit CVSS-like reports and brief advisories for the following four reported vulnerabilities.

“Tg 0.1.3 makes ‘file_path’ setting in config file shell escaped for security reasons.”

“Aiootp 0.18.0 includes a few important security patches.”

“Xpra restricts access to the ‘run-xpra’ script (chmod) and fixes a problem when cursor data sent to the client was too big (exposing server memory).”

“Graphite-web 1.1.8 prevents cross-site scripting.”

Working hours and commitments

Your initial work will be triaging and classifying a part of the existing vulnerabilities in our proprietary database.

This will take approximately two months of full-time work (30 hours per week or more).

After that, you’ll need to do the same work but only for our newly discovered vulnerabilities.

This should take you about ten hours a week.