Jul 24, 2022
We are looking for a motivated Threat Analyst who will help us validate new security vulnerabilities and do security testing for PHP-based open-source components. It's a job where you could impact the security of millions of websites. We are building a cybercrime resistance with the help of the ethical hacker community. Together we make the open-source web safer for everyone. The candidate should have some industry certifications such as OSCP, OSWE, eWPT, etc. The position is full-time, remote (in the EU timezone).
Patchstack has a security vulnerability database for CMSs, a SaaS platform to provide real-time protection and a gamified bug hunting platform that covers all open-source components.
We are not looking for staff augmentation, agencies, or freelancers. We're looking for a full-time team member who can grow with the rest of the team.
We're looking for a self-disciplined professional with excellent communication skills who is fluent in the English language.
You'll be working in a fast-paced startup environment where everybody is involved in planning the direction and growth of the company.
While we provide a lot of personal freedom, we're looking for a solution-oriented person who is not afraid of challenges and is also happy to work on tasks that might not fall into everyday responsibilities.
Day-to-day tasks include:
Threat hunting to find and analyze new vulnerabilities
Validating new vulnerabilities reported by our community (Patchstack Red Team)
Creating and testing virtual patches for new vulnerabilities
Creating original research and writing in-depth articles about new threats and vulnerabilities
Conducting pen-testing and code-reviews (PHP based applications)
Must be familiar with industry standards like OWASP TOP 10, CVSS
Requirements for the threat analyst:
Deep personal motivation to make the web a safer place for everyone
Deep knowledge about AppSec
Previous experience with security testing
Fluent English in both speaking and writing
Outstanding communication skills
Knowledge about WordPress
Knowledge about other PHP based content management systems
Good understanding of regex
Would be helpful:
Previous experience working in a web hosting or web security company
Previous experience with analyzing malware from infected websites
Previous vulnerability research and findings
Previous experience working in a remote team
Industry certifications
What we can offer:
Work in a quickly growing tech company
Highly impactful work
No corporate environment
Paid training for work-related personal development
Paid vacations (35 days a year)
Full-time telecommuting in a globally distributed team
Co-working space membership or ergonomic desk equipment for home
Fitness club or a local gym membership
Competitive salary with stock options plan
To apply to a threat analyst position at Patchstack, please include your contact information, background, and employment history including job titles, starting and ending dates of employment.
If you have any references to your previous work and links to additional information (e.g. LinkedIn, blog, research articles) please add those as well. Forward your application to support+jobs@patchstack.com