Senior Web Application Vulnerability Researcher
United States - Remote
Wordfence is owned and operated by Defiant Inc. We are a small, dynamic, fast-growing, and profitable company with loyal customers who love our products and services. We are the global leader in WordPress security, protecting over 4 million websites. We regularly release high-quality software, firewall rules, and threat intelligence to millions of customers around the world. We also publish ground-breaking security research weekly that is covered by journalists and information security professionals and publications around the world.
If you are excited about working for a technology company that is securing a huge part of the Web and are looking for a full-time job with flexible hours working remotely, this may be your dream job! Our core hours are 10 am to 1 pm Pacific time and our team has flexibility outside those hours.
Full time salary of $115,000 to $130,000, depending on experience.
This position requires that you be eligible to work in the US without immigration assistance and that you currently live in the US.
Company Culture
You'll work with a talented and highly-motivated team that is friendly, fast-moving, self-managing, and highly capable with a sense of humor. Our team's family time is important; we won't typically require long hours when we can avoid it, which is almost always.
Our entire team works remotely using Slack for casual interaction, so you can live practically anywhere in the World if you have an Internet connection. There's no micro-management here—we trust that you will see tasks through to completion and communicate with your fellow team members when needed or ask for help when needed.
At Defiant, ‘trust’ is the attribute we value most highly among our team members. We need to know that you can grab a task, communicate clearly with stakeholders, and see the task to completion with superb attention to detail.
We use apps like Slack, FogBugz, GitHub, and Google Apps for our workflow.
Requirements
- Perform vulnerability analysis to determine vulnerability type, impact, severity, and more. Prioritize response based on this data.
- Review source code changes in WordPress based software to identify common vulnerabilities that may have been patched.
- Perform responsible disclosure for vulnerabilities discovered by themself or reported to the Wordfence Threat Intelligence team.
- Develop proofs of concept, programmatically or conceptually, to test the exploitability of vulnerabilities.
- Replicating exploitation of a vulnerability in a test environment.
- Manage database of known WordPress vulnerabilities and continue to populate new records based on incoming vulnerability feeds.
- Perform WordPress vulnerability research to uncover new vulnerabilities when not handling other responsibilities.
Our ideal candidate has:
- Technical experience with WordPress.
- Experience with security research and writing vulnerability reports.
- Experience with responsible vulnerability disclosure.
- Experience generating/modifying HTTP requests.
- Experience working with BURP suite, or similar software, and a PHP debugger.
- Familiarity with the CVE Program and CVE IDs.
- Certifications, or desire to obtain certifications, are always a bonus (OSWE, eWPTx, PenTest+, Security+, eWPT, GWAPT, etc..)
- Experience formulating CVSS scores and identifying CWEs for vulnerability types.
- Experience programmatically interacting with REST APIs.
- Experience with writing and/or testing Web Application Firewall rules, or familiarity with functionality of access control lists.
- Comfortable with diff'ing and searching files using command line tools.
- Basic understanding of WordPress hooks and how they are used.
- Experience working with REGEX.
- Experience with requesting CVE IDs for vulnerabilities is a plus.
- Eagerness to learn and think outside of the box.
Desired Qualifications:
- Familiarity with applicable OWASP vulnerabilities and their basic operation.
- Comfortable with reading and reviewing PHP code and identifying common vulnerabilities.
- Familiarity with common WordPress related vulnerabilities - both generic and WordPress specific related coding flaws.
- Comfortable writing simple scripts and automations.
- Comfortable writing basic SQL queries.
Hiring Process:
- Please fill in the form provided in this application. The hiring team will look at this first. The way you answer our form will determine if your application moves to the next step. Please note that we read every answer and this form is a critical part of our hiring process.
- Candidates who appear to have the right skills from the initial application will be sent a more detailed Assessment Test to further assess skills.
- Participate in a series of phone interviews. We are respectful of your time, and keep the number of interviews you will need to attend to a minimum. This is usually two or three interviews.
- All contracts and offers of employment are contingent on the successful completion of a background check. The results of the background check are considered as they relate to the position and do not automatically disqualify someone from a contract or employment with the company.
- Join our fast-paced team and start testing our products and and helping release software to over 4 million customers! All positions require a trial period of approximately 2-3 weeks with a minimum commitment of 10 hours per week. You will be paid for this short-term contract, and it will be used to evaluate whether both parties want to pursue an ongoing, regular employment relationship.
Benefits
- Full time telecommuting and flexible working hours, with a company that has been 100% remote for over 8 years.
- 100% employee premium and 50% of dependent premium paid by company for premier- level medical, dental, and vision insurance.
- 21 days PTO per year to start.
- 11 paid company holidays including the week from December 25 to January 1.
- 401(k) with a 4% Safe Harbor company match that is 100% vested immediately.
- Latest in laptop and workstation technology.
- Wellness reimbursement program for health and fitness purchases.
- Mobile phone and internet reimbursement up to $100 per month.
- Monthly beverage reimbursement for coffee, tea, water, etc.
- Paid training and study time for work-related training and certifications.
- College tuition and Student Loan reimbursement.
Diversity at Defiant
We value diversity and do not discriminate based on race, color, religion or creed, national origin or ancestry, sex, age, physical or mental disability, military or veteran status, gender identity or expression, marital status, sexual orientation, political ideology, economic status, parental status, or any other non-performance-related status.
Tags: APIs Burp Suite CVSS eWPT eWPTx Firewalls GitHub GWAPT IDS OSWE OWASP PHP SQL Threat intelligence Vulnerabilities
Perks/benefits: 401(k) matching Career development Fitness / gym Flex hours Flex vacation Gear Health care Insurance Salary bonus Startup environment Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Manager Pentest H/F jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Analyst jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open CI/CD-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open CEH-related jobs