Senior Security Research Engineer

Automattic is a company that powers WordPress at scale, and they are expanding their security team to enhance the protection and intelligence of their products. The Senior Security Research Engineer will analyze vulnerabilities and malicious code, track emerging threats, and develop tools to detect and remediate security issues across the WordPress ecosystem.

Responsibilities:

• Analyze vulnerable and malicious code
• Track emerging threats
• Help build the tools and processes that detect, prevent, and remediate malware and other security issues across the WordPress ecosystem
• Secure and protect websites and applications
• Collaborate with team members in code reviews and architecture discussions
• Use AI tools effectively to accelerate work and enhance solution quality

Requirements:

• Enjoy securing and protecting websites and applications
• Have at least 3 years of experience as a security researcher, or equivalent experience investigating vulnerabilities, malware, or other threats
• Understand threat models, security threats, vulnerabilities, and common attack vectors such as XSS, injection, hijacking, social engineering, and so on, along with how to mitigate them
• Have experience with PHP and some exposure to software engineering
• Are highly collaborative, and love participating in code reviews and discussions about architecture or design
• Have a strong ability to use AI tools effectively to accelerate your work, improve analysis, and enhance the quality of your solutions
• Are open, and able, to travel 2-3 weeks per year to meet up with your teammates in person
• Experience with penetration testing and associated tools
• Previous experience with malware detection systems
• Reported vulnerabilities in the past
• Know your way around WordPress and its file and database structures
• Have experience writing and debugging WordPress plugins and themes