Senior Security Research Engineer (PHP)

TL;DR

Senior Security Research Engineer (PHP): Analyzing vulnerable and malicious code to protect the WordPress ecosystem with an accent on threat modeling and malware detection. Focus on building tools to detect and remediate security issues across WP Cloud, WPScan, and Jetpack Protect.

Location: Remote (Global)

Salary: $70,000–$170,000 USD

Company

The company behind WordPress.com, WooCommerce, Tumblr, and Jetpack, dedicated to democratizing publishing and commerce globally.

What you will do

• Analyze vulnerable and malicious code and track emerging threats within the WordPress ecosystem.
• Build tools and processes to detect, prevent, and remediate malware and security issues.
• Collaborate on code reviews and contribute to security architecture and design discussions.
• Leverage AI tools to accelerate security analysis and improve the quality of solutions.
• Support the security foundation of WP Cloud, WPScan, and Jetpack Protect.

Requirements

• 3+ years of experience as a security researcher or investigating vulnerabilities and threats.
• Deep understanding of threat models, XSS, injection, hijacking, and social engineering.
• Proficiency in PHP and general software engineering principles.
• Ability to travel 2-3 weeks per year for team meetups.
• Strong ability to integrate AI tools into your professional workflow.

Nice to have

• Experience with penetration testing and related toolsets.
• Previous background in developing malware detection systems.
• A track record of reporting vulnerabilities.
• Knowledge of WordPress file and database structures.
• Experience writing and debugging WordPress plugins and themes.

Culture & Benefits

• Fully-remote, distributed work environment.
• Open vacation policy.
• Generous personal development budget for courses, books, and conferences.
• Diverse leadership paths, including team lead and release management roles.
• Commitment to Open Source with most work available under the GPL.