Patchstack Is Hiring a Threat Analyst

Published 25 November 2021
Updated 17 July 2023

Patchstack is looking for a Threat Analyst who has a deep personal interest in web application security and who can help us validate vulnerability reports and perform code-reviews on PHP applications.

Do you have previous experience with performing code-reviews and finding security vulnerabilities in web applications? Would you be excited to make millions of websites more secure? Are you excited to work in a full-remote globally distributed company?

Patchstack is a cyber security company helping companies and software developers to identify & patch vulnerabilities in open-source code. We have a strong community focus with our own gamified bug bounty program called Patchstack Alliance.

Most importantly, we’re looking for a full-time team member who is an excellent communicator and can grow with the rest of the team.

What we do:

Who are we hiring for a threat analyst position at Patchstack?

The candidate should have some industry certifications such as OSCP, OSWE, eWPT, etc. The position is full-time, remote (in the EU timezone).

We’re looking for a self-disciplined professional with excellent communication skills who is fluent in the English language.

You’ll be working in a fast-paced startup environment where everybody is involved in planning the direction and growth of the company.

While we provide a lot of personal freedom, we’re looking for a solution-oriented person who is not afraid of challenges and is also happy to work on tasks that might not fall into everyday responsibilities.

Day-to-day tasks include:

  • Threat hunting to find and analyze new vulnerabilities
  • Validate new vulnerabilities reported by our community (Patchstack Alliance)
  • Create and test virtual patches for new vulnerabilities
  • Research and write in-depth articles about new threats and vulnerabilities
  • Conduct pen-testing and code-reviews against PHP-based applications
  • Must be familiar with industry standards like OWASP TOP 10, CVSS

Requirements for the threat analyst:

  • Timezone: EEST (+/- 2 hours)
  • Deep personal motivation to make the web a safer place for everyone
  • Deep knowledge of AppSec
  • Previous experience with security testing
  • Fluent English in both speaking and writing
  • Outstanding communication skills
  • Good understanding of PHP and regex

Would be helpful:

  • Knowledge of WordPress and other PHP-based content management systems
  • Previous experience working in a web hosting or web security company
  • Previous experience with analyzing malware from infected websites
  • Previous vulnerability research and findings
  • Previous experience working in a remote team
  • Industry certifications

What we can offer:

  • Highly impactful work
  • No corporate environment
  • Paid training for work-related personal development
  • Paid vacations (35 days a year)
  • Full-time telecommuting in a globally distributed team
  • Co-working space membership or WFH equipment for home-office
  • Fitness club or a local gym membership
  • Competitive salary with stock options plan
  • Awesome team members!

How to apply?

To apply to a threat analyst position at Patchstack, please submit your contact information and resume here.

Looks like your browser is blocking our support chat widget. Turn off adblockers and reload the page.