WP Cloud powers WordPress at scale, and security is a critical part of that foundation. We’re expanding our security team to support WP Cloud, while also contributing to the protection and intelligence provided by WPScan and Jetpack Protect. As a Security Researcher, you will analyze vulnerable and malicious code, track emerging threats, and help build the tools and processes that detect, prevent, and remediate malware and other security issues across the WordPress ecosystem. If you have a knack for solving puzzles and a passion for documenting and operationalizing solutions, this is a great opportunity to make a broad impact.
The Senior Security Engineer position might be a good fit if you:
- Enjoy securing and protecting websites and applications.
- Have at least 3 years of experience as a security researcher, or equivalent experience investigating vulnerabilities, malware, or other threats.
- Understand threat models, security threats, vulnerabilities, and common attack vectors such as XSS, injection, hijacking, social engineering, and so on, along with how to mitigate them.
- Have experience with PHP and some exposure to software engineering.
- Are highly collaborative, and love participating in code reviews and discussions about architecture or design.
- Have a strong ability to use AI tools effectively to accelerate your work, improve analysis, and enhance the quality of your solutions.
- Are open, and able, to travel 2-3 weeks per year to meet up with your teammates in person.
Extra Credit:
- Experience with penetration testing and associated tools.
- Previous experience with malware detection systems.
- Reported vulnerabilities in the past.
- Know your way around WordPress and its file and database structures.
- Have experience writing and debugging WordPress plugins and themes.
Speaking of interests and skills, here are some areas in which you can grow and have further impact in the future at the company:
- Leadership – we offer a variety of leadership options to those who have an interest, including becoming a team lead and managing releases.
- Learning and development – we have a generous personal development budget and encourage you to grow your skills through courses, books, and conferences.
- Architecture – we encourage developers to build expertise in the systems they work with, guide their evolution, and mentor other developers working on them.
- Engineering effectiveness – we believe in helping other developers become more effective through tools, practices, cross-team collaborations, and process
Compensation and Benefits
Salary range: $70,000-$170,000 USD. Please note that salary ranges are global, regardless of location, and we pay in local currency.
We are searching for high-caliber candidates with the skills and qualities to have a net positive for Automattic. Pay will reflect the potential contribution and the impact you can bring, which may, in some cases, go beyond the range stated.
This isn’t your typical work-from-home job—we are a fully-remote company with an open vacation policy. Read more about our compensation philosophy. To see a full list of benefits by country, consult our Benefits Page.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.