Malware Analyst (Security)

TL;DR

Malware Analyst (Security): Analyzing and classifying web malware like PHP shells and JavaScript injectors with an accent on reverse-engineering obfuscated code to understand attacker techniques. Focus on writing and refining PCRE-based detection signatures for scanning engines and researching emerging threats.

Location: Fully remote (Global)

Company

hirify.global Inc. is a product company developing the Imunify360 Security Suite, an innovative security solution designed specifically for shared and VPS/Dedicated servers.

What you will do

• Analyze and classify web malware including PHP shells, JavaScript injectors, WordPress backdoors, SEO spam, and cryptominers.
• Reverse-engineer obfuscated PHP and JavaScript to understand attacker techniques and extract detection patterns.
• Write and refine PCRE-based detection signatures for the scanning engine, ensuring precision and efficiency.
• Maintain processing SLAs as part of a globally distributed team providing round-the-clock malware coverage.
• Research emerging threats such as new CMS exploitation techniques, supply-chain attacks on plugins/themes, and zero-day delivery methods.

Requirements

• Strong PCRE regex expertise, understanding anchors, non-capturing groups, and performance implications.
• 3+ years working with PHP and/or JavaScript, including reading, understanding, and analyzing code.
• Experience with web malware reverse engineering, JS/PHP deobfuscation, and unpacking encoded payloads.
• Understanding of web attack injection, XSS, RCE, and file upload exploits, and their manifestation in hosting environments.
• Familiarity with web server and shared hosting architecture, including Apache/Nginx/LiteSpeed, WAF, Namespaces, cgroups, and Linux File system permissions.
• English proficiency at upper-intermediate level or above.

Nice to have

• Experience with WordPress internals (themes, plugins, hooks).
• Hands-on website cleanup or incident response experience.
• Penetration testing or red team background.
• Python scripting for automation and tooling.
• Experience with YARA rules or other signature formats.
• Familiarity with cPanel, Plesk, or DirectAdmin environments.

Culture & Benefits

• Work a standard 5-day week (5 on / 2 off) on a fixed schedule aligned with your time zone.
• Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leaves.
• Compensation for private medical insurance.
• Reimbursement for co-working spaces and gym/sports activities.
• Opportunity to receive a reward for the most innovative idea that the company can patent.