PHP Security Analyst
Time zones: SBT (UTC +11) GMT (UTC +0) CET (UTC +1) EET (UTC +2) MSK (UTC +3)
Patchstack is looking for a Threat Analyst who has deep personal interest in web application security and who can help us validate vulnerability reports and perform code-reviews on PHP applications.
Do you have previous experience with performing code-reviews and finding security vulnerabilities in web applications? Would you be excited to make millions of websites more secure? Are you excited to work in a full-remote globally distributed company?
Patchstack is a cyber security company helping companies and software developers to identify & patch vulnerabilities in open-source code. We have a strong community focus with our own gamified bug bounty program called Patchstack Alliance.
Most importantly, we're looking for a full-time team member who is an excellent communicator can grow with the rest of the team.
Day-to-day tasks include:
- Threat hunting to find and analyze new vulnerabilities
- Validate new vulnerabilities reported by our community (Patchstack Alliance)
- Create and test virtual patches for new vulnerabilities
- Research and write in-depth articles about new threats and vulnerabilities
- Conduct pen-testing and code-reviews against PHP based applications
- Must be familiar with industry standards like OWASP TOP 10, CVSS
- Timezone: EEST (+/- 2 hours)
- Deep personal motivation to make the web a safer place for everyone
- Deep knowledge about AppSec
- Previous experience with security testing
- Fluent English in both speaking and writing
- Outstanding communication skills
- Good understanding of PHP and regex
Would be helpful:
- Knowledge about WordPress and other PHP based content management systems
- Previous experience working in a web hosting or web security company
- Previous experience with analyzing malware from infected websites
- Previous vulnerability research and findings
- Previous experience working in a remote team
- Industry certifications
What Patchstack can offer:
- Highly impactful work
- No corporate environment
- Paid training for work-related personal development
- Paid vacations (35 days a year)
- Full-time telecommuting in a globally distributed team
- Co-working space membership or WFH equipment for home-office
- Fitness club or a local gym membership
- Competitive salary with stock options plan
- Awesome team members!