Security Analyst, Infected Websites

Job Description:• Assist customers with support questions related to our product and investigate site intrusions. • Repair infected sites and remove all traces of compromise; determine how the intrusion occurred and remove the intrusion vector. • Collect and process evidence from intrusions and collect all IOCs (indicators of compromise). • Work with Threat Intelligence team on vulnerability research and malware signature development. • Triage and validate vulnerability reports submitted through the Bug Bounty Program: assess impact, reproduce and analyze vulnerabilities in controlled environments, and identify root causes in source code.• Document findings, recommend fixes or custom firewall rules, and propose bounty amounts based on severity and impact. • Collaborate with developers, customer support, and disclosure teams; validate that patches are sufficient once released. • Use tools and workflows including Slack, FogBugz, GitHub, and bolthires Apps. Requirements:• 3+ years of experience with WordPress required. • Technical experience with common web application based vulnerabilities in WordPress plugins and themes. • A solid understanding of WordPress hooks, how they are used, and how they can lead to vulnerabilities.• 5+ years of experience administering multiple Linux stacks (We don't support Windows). • 5+ years of experience with MySQL. • 2+ years of experience conducting remediation of compromised websites, including analysis of how the intrusion occurred, removing the intrusion vector, and restoring the site to a fully functional state. • Highly technical and comfortable with a wide range of open source tools such as grep, find, etc. • Excellent written and verbal communication skills; ability to interact with customers professionally.• Work well in a team and work independently without additional guidance. • Excellent analytical ability, ability to think outside of the box, and an eagerness to learn. • Must have attention to detail. • Experience in vulnerability research is a plus: ability to develop proof of concepts programmatically or conceptually; ability to replicate exploitability in a test environment; ability to review source code changes to determine if a vulnerability was patched; experience generating/modifying HTTP requests; experience working with BURP suite or similar proxy software and a PHP debugger.• A solid understanding of regular expressions; must be able to write expressions on the fly to match and remove only malicious code and to write malware signatures for our products. • Ability to write and read PHP, regular expressions, cron jobs, and JavaScript. • Understanding of all major vulnerability types and the ability to explain them to a customer in terms they can understand. • Ability to analyze log files and determine how an intrusion occurred. • Certifications in penetration testing or forensics are a strong plus.Benefits:• Full-time telecommuting with a company that has been 100% remote for over 8 years. • You will be paid for this short-term contract (approximately 2-3 week trial, minimum 10 hours/week). • We won't typically require long hours when we can avoid it (family time is important). • Remote work using Slack, FogBugz, GitHub, and bolthires Apps. • Trust-based, no micromanagement culture; friendly, fast-moving, self-managing team with a sense of humor. • Diversity and non-discrimination policy. Apply tot his job