Security Engineer, WordPress.org

Remote

Automattic Inc.

Posted 1 week ago

As a Security Engineer, you will:

  • Develop fixes for reported vulnerabilities and known issues.
  • Research and identify vulnerabilities in code and mitigate them before they're discovered.
  • Coordinate with other WordPress contributors and security team members to move stalled issues forward.

The Security Engineer position might be a good fit if you:

  • Have a deep understanding of WordPress and its file and database structures.
  • Have experience writing and debugging WordPress plugins and themes.
  • Have a deep foundation in PHP internals.
  • Have experience in JavaScript APIs and React.
  • Have a love for securing and protecting websites and applications.
  • Understand security threats, vulnerabilities, and common attack vectors such as XSS, SQL injection, session management, and so on, and how to mitigate them.
  • Have a deep understanding of HTTP(S) and networking protocols (e.g., TCP/IP).
  • Are highly collaborative and love participating in code reviews and discussions about architecture or design.
  • Are open and able to travel 3-4 weeks per year to meet your teammates in person.

Extra Credit:

  • Reported vulnerabilities in the past.
  • Experience with HackerOne.
  • Experience with penetration testing and associated tools.
  • Previous experience with malware detection systems.
  • Familiarity with large-scale systems.

Speaking of interests and skills, here are some areas in which you can grow and have further impact in the future at the company:

  • Leadership – we offer various leadership options to those who have an interest, including becoming a team lead and managing releases.
  • Learning and development – we have a generous personal development budget and encourage you to grow your skills through courses, books, and conferences.
  • Architecture – we encourage developers to develop expertise in the systems they work with, guide their evolution, and mentor other developers working on them.
  • Engineering effectiveness – we believe in helping other developers become more effective through tools, practices, cross-team collaborations, and process improvements.

Diversity, Equity, & Inclusion at Automattic

We’re improving diversity in the tech industry. At Automattic, we want people to love their work and show respect and empathy to all. We welcome differences and strive to increase participation from traditionally underrepresented groups. Our DEI committee involves Automatticians across the company and drives grassroots change. For example, this group has helped facilitate private online spaces for affiliated Automatticians to gather and helps run a monthly DEI People Lab series for further learning. DEI is a priority at Automattic, though our dedication influences far more than just Automatticians: we make our products freely available, translate them into numerous languages, and offer customer support in those languages. We require unconscious bias training for our hiring teams and ensure our products are accessible across different bandwidths and devices. Learn more about our dedication to diversity, equity, and inclusion and our Employee Resource Groups.

Curious who works in engineering at Automattic? Meet our JavaScript Engineers – Lena and Riad.

How to apply

Does this sound exciting? If yes, click the Apply button below and fill out our application form. We are looking forward to having you in the process with us.

Job tags: Architecture JavaScript Malware Penetration testing PHP TCP/IP Vulnerabilities
Job region(s): Remote/Anywhere