Security Engineer, WordPress.org

Website Automattic

As a Security Engineer, you will:

  • Develop fixes for reported vulnerabilities and known issues.
  • Research and identify vulnerabilities in code and mitigate them before they’re discovered.
  • Coordinate with other WordPress contributors and security team members to move forward stalled issues.

The Security Engineer position might be a good fit if you:

  • Have a deep understanding of WordPress, its file, and database structures.
  • Have experience writing and debugging WordPress plugins and themes.
  • Have a deep foundation of PHP internals.
  • Have experience in JavaScript APIs and React.
  • Have a love for securing and protecting websites and applications.
  • Understand security threats, vulnerabilities, and common attack vectors such as XSS, SQL injection, session management, and so on, and how to mitigate them.
  • Have a deep understanding of HTTP(S) and networking protocols (e.g., TCP/IP).
  • You are highly collaborative and love participating in code reviews and discussions about architecture or design.
  • You are open and able to travel 3-4 weeks per year to meet your teammates in person.

Extra Credit:

  • Reported vulnerabilities in the past.
  • Experience with HackerOne.
  • Experience with penetration testing and associated tools.
  • Previous experience with malware detection systems.
  • Are familiar with large-scale systems.

Speaking of interests and skills, here are some areas in which you can grow and have further impact in the future at the company:

  • Leadership – we offer various leadership options to those who have an interest, including becoming a team lead and managing releases.
  • Learning and development – we have a generous personal development budget and encourage you to grow your skills through courses, books, and conferences.
  • Architecture – we encourage developers to develop expertise in the systems they work with, guide their evolution, and mentor other developers working on them.
  • Engineering effectiveness – we believe in helping other developers become more effective through tools, practices, cross-team collaborations, and process improvements.

To apply for this job please visit boards.greenhouse.io.