Security Analyst for Infected Websites (Contract)

Headquarters: Seattle, WA
URL: https://www.wordfence.com/

We're seeking a Security Analyst to work on an hourly contract basis from your home office, with 100% availability during that time.

The following shifts are available:

Sunday-Thursday, 3:00 AM - 11:00 AM ET (40 hrs/wk)
Tuesday-Saturday, 11:00 PM - 7:00 AM ET (40 hrs/wk)
Saturday-Sunday, 11:00 AM - 7:00 PM ET (16 hrs/wk)

Candidates in regions where these hours strongly align with their normal business hours are encouraged to apply. You do not have to be based in the USA.

The contract rate for this role is $25-30 USD per hour, depending on experience.

Job Description

We are looking for Security Analysts to join our Care and Response Team. You will assist our customers with support questions related to our product and investigate site intrusions, as well as repair their sites and remove all traces of compromise.

Additionally, you will collect and process evidence from intrusions that will help improve our threat detection. You will need to determine how the intrusion occurred, collect all IOCs (indicators of compromise), and work with our Threat Intelligence team on vulnerability research and malware signature development.

In your downtime, you will triage and validate vulnerability reports submitted through our Bug Bounty Program. You’ll assess impact to prioritize submissions, reproduce and analyze vulnerabilities in controlled environments, and identify root causes in source code. You will document findings, recommend fixes or custom firewall rules, and propose bounty amounts based on severity and impact.

You will collaborate with developers, customer support, and disclosure teams, as well as validate that patches are sufficient once released.

General requirements:

• Highly technical and comfortable with a wide range of open source tools such as grep, find, etc.
• Excellent written and verbal communication skills.
• Ability to interact with customers professionally.
• Work well in a team and work independently without additional guidance.
• Excellent analytical ability, ability to think outside of the box, and an eagerness to learn.
• Must have attention to detail.

The specific skills we require for this position are:

• 3+ years of experience with WordPress required.
• Technical experience with common web application based vulnerabilities in WordPress plugins and themes. 
• A solid understanding of WordPress hooks, how they are used, and how they can lead to vulnerabilities.
• 5+ years of experience administering multiple Linux stacks. (We don't support Windows.)
• 5+ years of experience with MySQL.
• 2+ years of experience conducting remediation of compromised websites, including analysis of how the intrusion occurred, removing the intrusion vector, and restoring the site to a fully functional state.
• Experience in vulnerability research is a plus, which includes:
• Ability to develop proof of concepts programmatically or conceptually to test the exploitability of vulnerabilities, and the general ability to read/understand programmatic and conceptual proof of concepts.
• Ability to replicate the exploitability of vulnerabilities in a test environment. 
• Ability to review source code changes to determine if a vulnerability was patched and what the patch was for.
• Experience generating/modifying HTTP requests.
• Experience working with BURP suite or similar proxy software and a PHP debugger.
• A solid understanding of regular expressions. Must be able to write expressions on the fly to match and remove only malicious code (often polymorphic) without affecting any legitimate code and to write malware signatures for our products.
• Ability to write and read PHP, regular expressions, cron jobs, and JavaScript.
• Understanding of all major vulnerability types and the ability to explain them to a customer in terms they can understand.
• Ability to analyze log files and determine how an intrusion occurred.
• Certifications in penetration testing or forensics are a strong plus.
• Assist other teams during downtime.

Hiring Process

We review all applications submitted and respond to all candidates usually within one to two weeks.

1. Please fill in the form provided in this application. The hiring team will look at this first. The way you answer our form will determine if your application moves to the next step. Please note that we read every answer and this form is a critical part of our hiring process.
2. Candidates who appear to have the right skills from the initial application will be sent a more detailed Assessment Test to further assess skills.
3. Participate in a series of phone interviews. We are respectful of your time and keep the number of interviews you will need to attend to a minimum. This is usually two or three interviews. All interviews are done remotely with no travel involved.
4. All contracts and offers of employment are contingent on the successful completion of a background check. The results of the background check are considered as they relate to the position and do not automatically disqualify someone from a contract or employment with the company.
5. All positions require a trial period of approximately 2-3 weeks with a minimum commitment of 10 hours per week. You will be paid for this short-term contract, and it will be used to evaluate whether both parties want to pursue an ongoing, regular employment relationship.

Benefits

Full-time telecommuting with a company that has been 100% remote for over 8 years.

Diversity at Defiant

We value diversity and do not discriminate based on race, color, religion or creed, national origin or ancestry, sex, age, physical or mental disability, military or veteran status, gender identity or expression, marital status, sexual orientation, political ideology, economic status, parental status, or any other non-performance-related status.

To apply: https://weworkremotely.com/remote-jobs/defiant-inc-security-analyst-for-infected-websites-contract