Security Analyst, Infected Websites

Remote Full-time
Job Description:
• Assist customers with support questions related to our product and investigate site intrusions.
• Repair infected sites and remove all traces of compromise; determine how the intrusion occurred and remove the intrusion vector.
• Collect and process evidence from intrusions and collect all IOCs (indicators of compromise).
• Work with Threat Intelligence team on vulnerability research and malware signature development.
• Triage and validate vulnerability reports submitted through the Bug Bounty Program: assess impact, reproduce and analyze vulnerabilities in controlled environments, and identify root causes in source code.
• Document findings, recommend fixes or custom firewall rules, and propose bounty amounts based on severity and impact.
• Collaborate with developers, customer support, and disclosure teams; validate that patches are sufficient once released.
• Use tools and workflows including Slack, FogBugz, GitHub, and Google Apps.

Requirements:
• 3+ years of experience with WordPress required.
• Technical experience with common web application based vulnerabilities in WordPress plugins and themes.
• A solid understanding of WordPress hooks, how they are used, and how they can lead to vulnerabilities.
• 5+ years of experience administering multiple Linux stacks (We don't support Windows).
• 5+ years of experience with MySQL.
• 2+ years of experience conducting remediation of compromised websites, including analysis of how the intrusion occurred, removing the intrusion vector, and restoring the site to a fully functional state.
• Highly technical and comfortable with a wide range of open source tools such as grep, find, etc.
• Excellent written and verbal communication skills; ability to interact with customers professionally.
• Work well in a team and work independently without additional guidance.
• Excellent analytical ability, ability to think outside of the box, and an eagerness to learn.
• Must have attention to detail.
• Experience in vulnerability research is a plus: ability to develop proof of concepts programmatically or conceptually; ability to replicate exploitability in a test environment; ability to review source code changes to determine if a vulnerability was patched; experience generating/modifying HTTP requests; experience working with BURP suite or similar proxy software and a PHP debugger.
• A solid understanding of regular expressions; must be able to write expressions on the fly to match and remove only malicious code and to write malware signatures for our products.
• Ability to write and read PHP, regular expressions, cron jobs, and JavaScript.
• Understanding of all major vulnerability types and the ability to explain them to a customer in terms they can understand.
• Ability to analyze log files and determine how an intrusion occurred.
• Certifications in penetration testing or forensics are a strong plus.

Benefits:
• Full-time telecommuting with a company that has been 100% remote for over 8 years.
• You will be paid for this short-term contract (approximately 2-3 week trial, minimum 10 hours/week).
• We won't typically require long hours when we can avoid it (family time is important).
• Remote work using Slack, FogBugz, GitHub, and Google Apps.
• Trust-based, no micromanagement culture; friendly, fast-moving, self-managing team with a sense of humor.
• Diversity and non-discrimination policy.

Apply tot his job

Apply To this Job
Apply Now →

Similar Jobs

Experienced Registered Behavior Technician for In-Home ABA Therapy - Atlanta, GA

Remote

Immediate Hiring: Experienced Registered Behavioral Technician (RBT) for Clinic-Based ABA Therapy Services

Remote

Experienced Registered Behavioral Technician (RBT) - ABA Therapy for Children with Autism Spectrum Disorder

Remote

Experienced Registered Nurse - Telehealth: Providing Remote Care Coordination and Patient Support

Remote

Experienced Substitute Teacher for Riverside County Schools - Join Scoot Education's Innovative Team

Remote

Experienced Substitute Teacher for San Bernardino County - Flexible Schedules & Competitive Pay

Remote

Experienced School Year Instructional Coach for High-Dosage Tutoring Programs in Edgewater Park, NJ

Remote

Experienced School Year Tutor for K-8 Students in Math and Literacy - Mickleton, NJ

Remote

Experienced Secondary Social Studies Teacher for Kansas - Flexible Hybrid Remote Arrangement

Remote

USPS Office Helper

Remote

Account Executive, Actimize

Remote

Chief People Officer (CPO) AI SaaS Digital Consumer Products, Government, Education (Remote/Equity)

Remote

Development Director — Remote | Flexible Schedule | Target-Driven | Nonprofit

Remote

Senior Financial Analyst (Contract Compliance Team) USA, TX, Irving

Remote

Entry Level Chat Support (Remote, No Experience, Part Time) – Amazon Store

Remote

Project Manager Supervisor (Legal Operations)

Remote

AI Trainer for U.S.-Based Business Owners | Google Project

Remote

Business Development Representative

Remote

Experienced Full Stack Data Entry Clerk – Remote Data Management and Typing Specialist

Remote

Compensation Analyst Remote

Remote
← Back