Defiant
Cybersecurity • SaaS • Web 3
Defiant is a global leader in WordPress security, offering protection from known and emerging threats to businesses of all sizes with mission-critical WordPress installations. Specializing in incident response and long-term security solutions, Defiant is trusted by security experts and protects over 4 million websites with its popular Wordfence firewall and malware scanner. The company is composed of over 35 security professionals passionate about safeguarding WordPress assets, operating as a 100% remote organization with a culture valuing family and personal time. Headquartered primarily in the United States, Defiant provides customized security solutions, continuous monitoring, protection, and code reviews, making it a preferred partner for businesses needing robust WordPress security.
11 - 50 employees
Founded 2012
🔒 Cybersecurity
☁️ SaaS
🌐 Web 3
Security Analyst, Infected Websites
Job not on LinkedIn
September 18
🇺🇸 United States – Remote
💵 $25 - $30 / hour
⏳ Contract/Temporary
🟢 Junior
🟡 Mid-level
🔐 Security Analyst
🚫👨🎓 No degree required
🦅 H1B Visa Sponsor
Defiant
Cybersecurity • SaaS • Web 3
Defiant is a global leader in WordPress security, offering protection from known and emerging threats to businesses of all sizes with mission-critical WordPress installations. Specializing in incident response and long-term security solutions, Defiant is trusted by security experts and protects over 4 million websites with its popular Wordfence firewall and malware scanner. The company is composed of over 35 security professionals passionate about safeguarding WordPress assets, operating as a 100% remote organization with a culture valuing family and personal time. Headquartered primarily in the United States, Defiant provides customized security solutions, continuous monitoring, protection, and code reviews, making it a preferred partner for businesses needing robust WordPress security.
11 - 50 employees
Founded 2012
🔒 Cybersecurity
☁️ SaaS
🌐 Web 3
📋 Description
• Assist customers with support questions related to our product and investigate site intrusions. • Repair infected sites and remove all traces of compromise; determine how the intrusion occurred and remove the intrusion vector. • Collect and process evidence from intrusions and collect all IOCs (indicators of compromise). • Work with Threat Intelligence team on vulnerability research and malware signature development. • Triage and validate vulnerability reports submitted through the Bug Bounty Program: assess impact, reproduce and analyze vulnerabilities in controlled environments, and identify root causes in source code. • Document findings, recommend fixes or custom firewall rules, and propose bounty amounts based on severity and impact. • Collaborate with developers, customer support, and disclosure teams; validate that patches are sufficient once released. • Use tools and workflows including Slack, FogBugz, GitHub, and Google Apps.
🎯 Requirements
• 3+ years of experience with WordPress required. • Technical experience with common web application based vulnerabilities in WordPress plugins and themes. • A solid understanding of WordPress hooks, how they are used, and how they can lead to vulnerabilities. • 5+ years of experience administering multiple Linux stacks (We don't support Windows). • 5+ years of experience with MySQL. • 2+ years of experience conducting remediation of compromised websites, including analysis of how the intrusion occurred, removing the intrusion vector, and restoring the site to a fully functional state. • Highly technical and comfortable with a wide range of open source tools such as grep, find, etc. • Excellent written and verbal communication skills; ability to interact with customers professionally. • Work well in a team and work independently without additional guidance. • Excellent analytical ability, ability to think outside of the box, and an eagerness to learn. • Must have attention to detail. • Experience in vulnerability research is a plus: ability to develop proof of concepts programmatically or conceptually; ability to replicate exploitability in a test environment; ability to review source code changes to determine if a vulnerability was patched; experience generating/modifying HTTP requests; experience working with BURP suite or similar proxy software and a PHP debugger. • A solid understanding of regular expressions; must be able to write expressions on the fly to match and remove only malicious code and to write malware signatures for our products. • Ability to write and read PHP, regular expressions, cron jobs, and JavaScript. • Understanding of all major vulnerability types and the ability to explain them to a customer in terms they can understand. • Ability to analyze log files and determine how an intrusion occurred. • Certifications in penetration testing or forensics are a strong plus.
🏖️ Benefits
• Full-time telecommuting with a company that has been 100% remote for over 8 years. • You will be paid for this short-term contract (approximately 2-3 week trial, minimum 10 hours/week). • We won't typically require long hours when we can avoid it (family time is important). • Remote work using Slack, FogBugz, GitHub, and Google Apps. • Trust-based, no micromanagement culture; friendly, fast-moving, self-managing team with a sense of humor. • Diversity and non-discrimination policy.
Apply Now