Web Application Vulnerability Analyst - remote

Defiant Inc
Posted 2 years ago
Defiant is a small, dynamic, fast-growing, and profitable company with loyal customers who love our products and services. We are the global leader in WordPress security, protecting over 4 million websites.

We are looking for a Web Application Vulnerability Analyst with a focus on WordPress to join our Threat Intelligence team. In this role, you will be expected to analyze newly reported WordPress Plugin, Theme, and Core vulnerabilities to determine their exploitability, severity, impact and more along with determining existing coverage of the Wordfence firewall’s rules. You will also be expected to responsibly disclose any newly reported or discovered vulnerabilities to the appropriate parties when necessary. You will also have the opportunity to spend time conducting WordPress based web application security research when not focusing on other required tasks.

Are you excited about working for a technology company that is securing the web? Are you looking for full-time, flexible hours* working remotely from anywhere in the United States? If so, this may be your dream job!

This position requires that you be eligible to work in the US without immigration assistance and that you currently live in the US.

*Required core hours of 10am - 1pm Pacific Time, Monday through Friday.

$100,000 to $115,000 salary along with a $15,000 signing bonus.


Requirements

  • Perform vulnerability analysis to determine vulnerability type, impact, severity, and more. Prioritize response based on this data.
  • Review source code changes in WordPress based software to identify common vulnerabilities that may have been patched.
  • Perform responsible disclosure for vulnerabilities discovered by themself or reported to the Wordfence Threat Intelligence team.
  • Develop proofs of concept, programmatically or conceptually, to test the exploitability of vulnerabilities.
  • Replicating exploitation of a vulnerability in a test environment.
  • Manage database of known WordPress vulnerabilities and continue to populate new records based on incoming vulnerability feeds.
  • Perform WordPress vulnerability research to uncover new vulnerabilities when not handling other responsibilities.

Our ideal candidate has:

  • Technical experience with WordPress.
  • Experience with security research and writing vulnerability reports.
  • Experience with responsible vulnerability disclosure.
  • Experience generating/modifying HTTP requests.
  • Experience working with BURP suite, or similar software, and a PHP debugger.
  • Familiarity with the CVE Program and CVE IDs.
  • Certifications, or desire to obtain certifications, are always a bonus (OSWE, eWPTx, PenTest+, Security+, eWPT, GWAPT, etc..)
  • Experience formulating CVSS scores and identifying CWEs for vulnerability types.
  • Experience programmatically interacting with REST APIs.
  • Experience with writing and/or testing Web Application Firewall rules, or familiarity with functionality of access control lists.
  • Comfortable with diff'ing and searching files using command line tools.
  • Basic understanding of WordPress hooks and how they are used.
  • Experience working with REGEX.
  • Experience with requesting CVE IDs for vulnerabilities is a plus.
  • Eagerness to learn and think outside of the box.

Desired Qualifications:

  • Familiarity with applicable OWASP vulnerabilities and their basic operation.
  • Comfortable with reading and reviewing PHP code and identifying common vulnerabilities.
  • Familiarity with common WordPress related vulnerabilities - both generic and WordPress specific related coding flaws.
  • Comfortable writing simple scripts and automations.
  • Comfortable writing basic SQL queries.

All positions require a trial period of approximately 2-3 weeks with a minimum commitment of 10 hours per week. You will be paid for this short-term contract, and it will be used to evaluate whether both parties want to pursue an ongoing, regular employment relationship.

All offers of employment are contingent on successful completion of a background check. The results of the background check are considered as they relate to the position and do not automatically disqualify someone from a offer of employment with the company.


Benefits

  • $15,000 hiring bonus.
  • Full time telecommuting and flexible working hours, with a company that has been 100% remote for over 8 years.
  • 100% employee premium and 50% of dependent premium paid by company for premier- level medical, dental, and vision insurance.
  • 21 days PTO per year to start.
  • Approximately 12 paid company holidays including the week from December 25 to January 1.
  • 401(k) with a 4% Safe Harbor company match that is 100% vested immediately.
  • Latest in laptop and workstation technology.
  • Wellness reimbursement program for health and fitness purchases.
  • Mobile phone and internet reimbursement up to $100 per month.
  • Monthly beverage reimbursement for coffee, tea, water, etc.
  • Paid training and study time for work-related training and certifications.
  • College tuition and Student Loan reimbursement.

Diversity at Defiant

We value diversity and do not discriminate based on race, color, religion or creed, national origin or ancestry, sex, age, physical or mental disability, military or veteran status, gender identity or expression, marital status, sexual orientation, political ideology, economic status, parental status, or any other non-performance-related status.