Updated: 25-11-21

Patchstack Is Hiring A Threat Analyst

Oliver Sild
from patchstack

We are looking for a motivated Threat Analyst who will help us validate new security vulnerabilities and do security testing for PHP-based open-source components. It's a job where you could impact the security of millions of websites.

Patchstack is building a cybercrime resistance with the help of the ethical hacker community. Together we make the open-source web safer for everyone.

Patchstack has a security vulnerability database for CMSs, a SaaS platform to provide real-time protection and a gamified bug hunting platform that covers all open-source components.

We are not looking for staff augmentation, agencies, or freelancers. We're looking for a full-time team member who can grow with the rest of the team.

What we do:

1) We provide a SaaS solution to detect and vpatch plugin vulnerabilities patchstack.com/solutions/
2) We run a community-driven bug bounty platform (Patchstack Red Team) to nurture a community of independent security researchers behind the WordPress ecosystem.
3) We maintain an open and free WordPress vulnerability database patchstack.com/database/
4) We provide professional code review and security auditing to WordPress plugins 

Who are we hiring for a threat analyst position at Patchstack?

The candidate should have some industry certifications such as OSCP, OSWE, eWPT, etc. The position is full-time, remote (in the EU timezone).

We're looking for a self-disciplined professional with excellent communication skills who is fluent in the English language.

You'll be working in a fast-paced startup environment where everybody is involved in planning the direction and growth of the company.

While we provide a lot of personal freedom, we're looking for a solution-oriented person who is not afraid of challenges and is also happy to work on tasks that might not fall into everyday responsibilities.

Day-to-day tasks include:

  • Threat hunting to find and analyze new vulnerabilities
  • Validating new vulnerabilities reported by our community (Patchstack Red Team)
  • Creating and testing virtual patches for new vulnerabilities
  • Creating original research and writing in-depth articles about new threats and vulnerabilities
  • Conducting pen-testing and code-reviews (PHP based applications)
  • Must be familiar with industry standards like OWASP TOP 10, CVSS

Requirements for the threat analyst:

  • Deep personal motivation to make the web a safer place for everyone
  • Deep knowledge about AppSec
  • Previous experience with security testing
  • Fluent English in both speaking and writing
  • Outstanding communication skills
  • Knowledge about WordPress
  • Knowledge about other PHP based content management systems
  • Good understanding of regex

Would be helpful:

  • Previous experience working in a web hosting or web security company
  • Previous experience with analyzing malware from infected websites
  • Previous vulnerability research and findings
  • Previous experience working in a remote team
  • Industry certifications

What we can offer:

  • Work in a quickly growing tech company
  • Highly impactful work
  • No corporate environment
  • Paid training for work-related personal development
  • Paid vacations (35 days a year)
  • Full-time telecommuting in a globally distributed team
  • Co-working space membership or ergonomic desk equipment for home
  • Fitness club or a local gym membership
  • Competitive salary with stock options plan

How to apply?

To apply to a threat analyst position at Patchstack, please include your contact information, background, and employment history including job titles, starting and ending dates of employment.

If you have any references to your previous work and links to additional information (e.g. LinkedIn, blog, research articles) please add those as well.

Click here to apply!

Share This Article
Related Articles
NO Credit card required

Protect your WordPress sites against plugin, theme and core vulnerabilities

crossmenu