Experienced in ? Want to help journalists stay safe and change the world? OCCRP is hiring a Security Analyst:

This can be a remote position, but relocation to beautiful Sarajevo is welcome. Don't let the requirement list put you off, apply even if you feel you might not fully meet all them.

You'll be working in a global team of techies, using FLOSS technologies, keeping data and people safe and secure in the changing digital landscape.

Tell your friends, too!

A message from our Tech Team:

Many of folk here on have boosted and favourited our toot about Security Analyst position we have open -- thank you!

And yet we have not received a lot of applications so far.

Don't be shy. Don't let the Impostor Syndrome get to you. You don't need a diploma or dozens of certificates to apply. You won't be wasting our time.

We're hackers like you. We need you.

@OCCRP I'm going to send you my resume as soon as possible

Don't you think ppl just afraid of something else and impostor syndrome is not the main reason. I guess working for OCCRP requires really high opsec discipline. Being valuable target and understand consequences is really taxing for ones mind

@mailoxy absolutely, and that's completely understandable.

We do our best to not broadcast publicly information about our Staff unless necessary and consented to. We have ways to work with people who need to not be publicly associated with us.

But we also know that impostor syndrome might be a thing keeping people from applying, and we'd like to make it clear it should not be.

@OCCRP oh, cool, the panama papers folks! y'all are doing great work! ^_^

@OCCRP I wish you the best candidates!

Side note: Just me or are job vacancies for these positions great material for any intruder doing his/her homework?

@tim @OCCRP it's a trade-off. Either we publish some bit of information that might be helpful for a potential attacker, but will allow us to get candidates that fit us better; or we don't.

We try to tread this line carefully, and we try to have our systems set up in a way that the information we publish will not make us unsafe.

Information we published in that job description is reasonably expected to have already been available to a well-prepared attacker from other sources anyway.

@rysiek @OCCRP Thanks for elaborating. I wouldn't have a better answer myself. It was just one of the things that came to mind, and always comes to mind for me with such vacancies. The paranoia is there, but I lack some skills, otherwise I would've surely loved to help your organization become more secure. Keep up the good work!

@tim @OCCRP thanks. Appreciate your responsible disclosure! :)

I'd be happy to have a look at your resume anyway, the requirements we listed are pretty heavy, not checking all of the boxes is fine.

@rysiek @OCCRP Thank you. I surely appreciate that. However, four years ago I quit the day-job to work as an independent researcher (on P2P identity & reputation systems), and things are finally coming along.

Is the job remote? I might know one or two people who I could poke.


Well, you didn't mention anything about salary; and as much as we want to help, a full-time position must be paid (and the amount it will be paid is a factor of the equation).

@LienRag it is a paid position, we mentioned:

> Honorarium will be based on experience and location: we’re a non-profit, but we take care of our Staff.

As an NGO we will not be able to pay a honorarium on the industry level from Silicon Valley, obviously. But we try to be fair.

Please apply and provide you salary expectations, and we will gladly discuss.

Neat, guess I'll discover how qualified I am in the near future.

Sign in to participate in the conversation

Everyone is welcome as long as you follow our code of conduct! Thank you. is maintained by Sujitech, LLC.