🛠 Tech Stack

💼 About This Role

You'll join the security team at Automattic to analyze vulnerable and malicious code and track emerging threats across the WordPress ecosystem. Your work will directly help detect and prevent malware for platforms like WP Cloud, WPScan, and Jetpack Protect. This role offers a chance to build tools and processes that make a broad impact on web security.

🎯 What You'll Do

• Analyze vulnerable and malicious code.
• Track emerging security threats.
• Build tools to detect and prevent malware.
• Operationalize security solutions.

📋 Requirements

• 3+ years as a security researcher or equivalent.
• Understand XSS, injection, hijacking, and other attack vectors.
• Experience with PHP and software engineering.
• Strong ability to use AI tools to accelerate work.

✨ Nice to Have

• Experience with penetration testing tools.
• Previous experience with malware detection systems.
• Know WordPress file and database structures.

🎁 Benefits & Perks

• 🏖️ Open vacation policy
• 💰 Personal development budget for courses and conferences
• 🌍 Fully remote company
• 🏥 Benefits vary by country (see Benefits Page)

📨 Hiring Process

Estimated timeline: 3-5 weeks · AI estimate

1. 1Application Review· 1-2 weeks
2. 2Technical Interview· 1 hour
3. 3Team Fit Interview· 45 min
4. 4Offer· 1 week