Security Analyst: Forensics and Remediation
Defiant, makers of the WordPress security plugin Wordfence, is a fast-moving cybersecurity company that delivers the best threat protection for WordPress sites.
We’re a 100% remote team: nimble, self-managing and working in a relaxed atmosphere with a sense of humor. Rather than working for a mega-corp, you will be working in a company where your work has real impact in the fun, high-growth stages of our evolution.
We are looking for security analysts to join our forensics team. You will help our customers investigate how their site was hacked, repair the site and remove all traces of the intrusion. You will also collect evidence from intrusions that will help improve our threat detection. You will need to determine how the intrusion occurred, collect all IOCs (indicators of compromise) and share this data with our product team in a structured way.
● You must be highly technical and be comfortable with a wide range of open source tools.
● Excellent written and verbal communication skills.
● You must work well in a team.
● You must be nimble, be able to come up with creative solutions to challenging problems and must have a mature approach to problem solving.
● Attention to detail.
Note: Applicants who can work weekends will be given priority consideration.
We have the highest star rating for any WordPress plugin in history and we pride ourselves on providing an excellent product with great customer service that helps secure small and large production websites. If you’re passionate about information security and would like to help secure the web, this is your dream job. We take our team’s family time seriously and don’t ask you to work long hours if we can avoid it (we almost always can). Our entire team works remotely using Slack for casual interaction so you can live practically anywhere in the world as long as you have an internet connection. Defiant is high growth, but we are not a startup. The company is still controlled by the founders, and we are profitable and have been for many years. So you will enjoy the rush of high growth but you won’t have to risk working for a company that is controlled by venture capitalists or may not be here tomorrow.
At Defiant, ‘trust’ is the attribute we value most highly among our team members. We need to know that you can grab a task from a support ticketing system, communicate clearly with our customers and see the task to completion with excellent attention to detail. We don’t micromanage, and we trust that you will communicate with your fellow team members or ask for help when needed. You will be working for a company that has code protecting over 2 million production websites. It is a fast-paced, real-time environment with new challenges daily.
The specific skills we require for this position are:
● At least 5 years of experience administering LAMP systems.
● Understanding of SQL and ability to use the mysql client.
● Experience investigating hacked websites, determining how the intrusion occurred and removing the intrusion and restoring the site to a fully functional state.
● An understanding of all major vulnerability types and the ability to explain them to a customer.
● Ability to analyze web log files and determine how an intrusion occurred.
● Must be able to use Linux shell tools like grep, find and any other utility that can assist with investigation and remediation.
● An understanding of regular expressions is a strong plus.
● Experience with WordPress required.
● You must be well versed in information security and any certifications you already have in penetration testing or forensics are a strong plus.
Full-time positions include the following benefits:
Company pays 100% employee premium, 50% of dependents: platinum level medical, dental, vision.
21 days PTO.
401(k) with company match.
Latest in laptop and workstation technology to do an awesome job from anywhere in the world.
Company paid local gym membership.
Full-time telecommuting with flexible hours where you can set your own schedule and work from anywhere.
We have a unique process that we use when it comes to hiring our forensic and remediation team. It works as follows:
The initial step is to fill in the form provided in this application. This is very important because we look at your answers to this form before we look at any other part of your application. The way you answer our form will largely determine if your application moves on to the next step.
If approved, we will ask you to clean a hacked site. This is on a virtual machine hosted at Linode that we have infected with malware on purpose. This will be a paid engagement and you will be paid $100 for your time, even though this is a simulation.
If you are able to successfully clean the hacked sample site, you will move on to a final phone interview via Skype. This may include some technical questions and you will need to have a computer and keyboard in front of you and be able to share your screen via Skype.
If you are successful, you will join our fast-paced team and start contributing valuable research to Defiant and the larger online community. All Security Analyst positions start on a paid 3-week trial contract that is available part-time (at least 15 hours per week) with flexible hours.
Note: All contracts and offers of employment are contingent on successful completion of a background check. The results of the background check are considered as they relate to the position and do not automatically disqualify someone from a contract or employment with the company.