Announcing the PyPI Safety & Security Engineer role

We are pleased to announce Amazon Web Services (AWS) as the inaugural Security Sponsor for PyPI, investing $144,000 over one year to fund key enhancements to PyPI infrastructure and operations, including the creation of a new “PyPI Safety & Security Engineer” role.

This role builds on our existing long-term partnership with AWS as one of the top sponsors of the Python Software Foundation for the last five years, which has included in-kind donations of cloud computing infrastructure and services to support PyPI. The role will complement our previously announced role for a PSF Security Developer in Residence and will work closely with the person hired for that role (to be announced soon).

This funding also builds on previously successful project-focused funding efforts, such as the 2018 full-stack rewrite of PyPI, the introduction of internationalization and localization for PyPI, as well as 2FA and WebAuthn support.

We expect this partnership to tangibly improve the experience for all PyPI users, from consumers downloading packages, to package maintainers, to large corporate teams. Some of the outcomes we are working toward over the next year include increased support for package maintainers, including multi-maintainer projects; improvements to reporting infrastructure for malicious projects; and a reduced response time for malware reports and account recovery requests.

The job posting can be found here, and applications for the role are open until June 1st. Similar to existing developer-in-residence roles, the contract for this role will be for a one-year period, and the PSF will be actively engaging with our sponsors and supporters to renew funding for the role in subsequent years.

Ee Durbin is the Director of Infrastructure at the Python Software Foundation. They have been contributing to keeping PyPI online, available, and secure since 2013.