Patchstack is looking for a Threat Analyst who has a deep personal interest in web application security and who can help us validate vulnerability reports and perform code-reviews on PHP applications.
Do you have previous experience with performing code-reviews and finding security vulnerabilities in web applications? Would you be excited to make millions of websites more secure? Are you excited to work in a full-remote globally distributed company?
Patchstack is a cyber security company helping companies and software developers to identify & patch vulnerabilities in open-source code. We have a strong community focus with our own gamified bug bounty program called Patchstack Alliance.
Most importantly, we're looking for a full-time team member who is an excellent communicator and can grow with the rest of the team.
What we do:
- We provide a SaaS solution to detect and virtually patch plugin vulnerabilities
- We run a community-driven bug bounty platform (Patchstack Red Team) to nurture a community of independent security researchers behind the WordPress ecosystem.
- We maintain an open and free WordPress vulnerability database
- We provide professional code review and security auditing to WordPress plugins
Who are we hiring for a threat analyst position at Patchstack?
The candidate should have some industry certifications such as OSCP, OSWE, eWPT, etc. The position is full-time, remote (in the EU timezone).
We're looking for a self-disciplined professional with excellent communication skills who is fluent in the English language.
You'll be working in a fast-paced startup environment where everybody is involved in planning the direction and growth of the company.
While we provide a lot of personal freedom, we're looking for a solution-oriented person who is not afraid of challenges and is also happy to work on tasks that might not fall into everyday responsibilities.
Day-to-day tasks include:
- Threat hunting to find and analyze new vulnerabilities
- Validate new vulnerabilities reported by our community (Patchstack Alliance)
- Create and test virtual patches for new vulnerabilities
- Research and write in-depth articles about new threats and vulnerabilities
- Conduct pen-testing and code-reviews against PHP-based applications
- Must be familiar with industry standards like OWASP TOP 10, CVSS
Requirements for the threat analyst:
- Timezone: EEST (+/- 2 hours)
- Deep personal motivation to make the web a safer place for everyone
- Deep knowledge of AppSec
- Previous experience with security testing
- Fluent English in both speaking and writing
- Outstanding communication skills
- Good understanding of PHP and regex
Would be helpful:
- Knowledge of WordPress and other PHP-based content management systems
- Previous experience working in a web hosting or web security company
- Previous experience with analyzing malware from infected websites
- Previous vulnerability research and findings
- Previous experience working in a remote team
- Industry certifications
What we can offer:
- Highly impactful work
- No corporate environment
- Paid training for work-related personal development
- Paid vacations (35 days a year)
- Full-time telecommuting in a globally distributed team
- Co-working space membership or WFH equipment for home-office
- Fitness club or a local gym membership
- Competitive salary with stock options plan
- Awesome team members!
How to apply?
To apply to a threat analyst position at Patchstack, please submit your contact information and resume here.
