Security Analyst for Infected Websites (Australia, NZ, US Remote Contract)

Remote - Australia

Full Time Contract
Defiant logo
Apply now Apply later

Posted 3 weeks ago

Defiant is a small, dynamic, fast-growing, and profitable company with loyal customers who love our products and services. We are the global leader in WordPress security, protecting over 3 million websites.

We're seeking a Security Analyst to work on a contract basis from your home office in Australia, New Zealand, or the US from approximately 9am - 5pm AEST Monday through Friday or 6pm - 2am PT Monday through Friday.

Company Culture

You'll work with a talented and highly-motivated team that is friendly, fast-moving, self-managing, and highly capable with a sense of humor. Our team's family time is important; we won't typically require long hours when we can avoid it, which is almost always. Our entire team works remotely using Slack for casual interaction, ­so you can live practically anywhere you have a good Internet connection. There's no micro-­management here—we trust that you will see tasks through to completion and communicate with your fellow team members when needed or ask for help when needed.

At Defiant, ‘trust’ is the attribute we value most highly among our team members. We need to know that you can grab a task, communicate clearly with stakeholders, and see the task to completion with superb attention to detail.

We use apps like Slack, FogBugz, GitHub, and Google Apps for our workflow.

Job Description

We are looking for security analysts to join our forensics team. You will assist our customers to investigate how their site was hacked and to repair their site and remove all traces of the intrusion. In addition to this you will also collect evidence from intrusions that will help improve our threat detection. You will need to determine how the intrusion occurred and then collect all IOC’s (indicators of compromise) and share this data with our product team in a structured way.

General requirements:

  • You must be highly technical and be comfortable with a wide range of open source tools.
  • Excellent written and verbal communication skills.
  • You must work well in a team.
  • You must be nimble, be able to come up with creative solutions to challenging problems and must have a mature approach to problem solving.
  • Attention to detail.


The specific skills we require for this position are:

  • A solid understanding of regular expressions. You need to be able to write expressions on the fly to match and remove only malicious code (which is often polymorphic) without affecting any legitimate code.
  • At least 5 years of experience administering LAMP systems.
  • Ability to program in PHP and JavaScript. Other languages like Python a strong plus.
  • Understanding of SQL and ability to use the MySQL client.
  • Experience investigating hacked websites, determining how the intrusion occurred and removing the intrusion and restoring the site to a fully functional state.
  • An understanding of all major vulnerability types and the ability to explain them to a customer.
  • Ability to analyze web log files and determine how an intrusion occurred.
  • Must be able to use Linux shell tools like grep, find and any other utility that can assist with investigation and remediation.
  • Experience with WordPress required.
  • You must be well versed in information security and any certifications you already have in penetration testing or forensics are a strong plus.

All positions require a trial period of approximately 2-3 weeks with a minimum commitment of 10 hours per week. You will be paid for this short-term contract, and it will be used to evaluate whether both parties want to pursue an ongoing working relationship.

All offers are contingent on successful completion of a background check. The results of the background check are considered as they relate to the position and do not automatically disqualify someone from a offer of work with the company.


Full-time telecommuting with a company that has been 100% remote for over 5 years.

Diversity at Defiant

We value diversity and do not discriminate based on race, color, religion or creed, national origin or ancestry, sex, age, physical or mental disability, military or veteran status, gender identity or expression, marital status, sexual orientation, political ideology, economic status, parental status, or any other non-performance-related status.


We have a unique process that we use when it comes to hiring our forensic and remediation team. It works as follows:

  1. The initial step is to fill in the form provided in this application. This is very important because we look at your answers to this form before we look at any other part of your application. The way you answer our form will largely determine if your application moves on to the next step.
  2. If approved, we will ask you to answer a set of questions to further measure your aptitude in the required skills as well as your written communication.
  3. If you perform well on the questions, you will move on to a final phone interview via Skype.
  4. If you are successful, you will join our fast-paced team and start contributing valuable research to Wordfence and the larger online community. All Security Analyst positions start on a paid 3 week trial contract that is available part-time (at least 15 hours per week) with flexible hours.
Job tags: Forensics Google JavaScript Linux Military Open Source Penetration testing PHP Python Threat detection