Senior Security Research Engineer

https://wp.cloud/ powers https://wordpress.org/ at scale, and security is a critical part of that foundation. We’re expanding our security team to support WP Cloud, while also contributing to the protection and intelligence provided by https://wpscan.com/ and https://jetpack.com/protect/. As a Security Researcher, you will analyze vulnerable and malicious code, track emerging threats, and help build the tools and processes that detect, prevent, and remediate malware and other security issues across the WordPress ecosystem. If you have a knack for solving puzzles and a passion for documenting and operationalizing solutions, this is a great opportunity to make a broad impact. The Senior Security Engineer position might be a good fit if you: Enjoy securing and protecting websites and applications. Have at least 3 years of experience as a security researcher, or equivalent experience investigating vulnerabilities, malware, or other threats. Understand threat models, security threats, vulnerabilities, and common attack vectors such as XSS, injection, hijacking, social engineering, and so on, along with how to mitigate them. Have experience with PHP and some exposure to software engineering. Are highly collaborative, and love participating in code reviews and discussions about architecture or design. Have a strong ability to use AI tools effectively to accelerate your work, improve analysis, and enhance the quality of your solutions. Are open, and able, to travel 2-3 weeks per year to meet up with your teammates in person. Extra Credit: Experience with penetration testing and associated tools. Previous experience with malware detection systems. Reported vulnerabilities in the past. Know your way around WordPress and its file and database structures. Have experience writing and debugging WordPress plugins and themes. Speaking of interests and skills, here are some areas in which you can grow and have further impact in the future at the company: Leadership – we offer a variety of leadership options to those who have an interest, including becoming a team lead and managing releases. Learning and development – we have a generous personal development budget and encourage you to grow your skills through courses, books, and conferences. Architecture – we encourage developers to build expertise in the systems they work with, guide their evolution, and mentor other developers working on them. Engineering effectiveness – we believe in helping other developers become more effective through tools, practices, cross-team collaborations, and process  Compensation and Benefits Salary range: $70,000-$170,000 USD.  Please note that salary ranges are global, regardless of location, and we pay in local currency. We are searching for high-caliber candidates with the skills and qualities to have a net positive for Automattic. Pay will reflect the potential contribution and the impact you can bring, which may, in some cases, go beyond the range stated. This isn’t your typical work-from-home job—we are a fully-remote company with an open vacation policy. Read more about our https://automattic.com/compensation/ To see a full list of benefits by country, consult our https://automattic.com/benefits/. And check out these links to learn more about https://automattic.com/how-we-hire/ and https://automattic.com/expectations/. #LI-Remote About Automattic  Now in https://timeline.automattic.com/, we’re the people behind http://wordpress.com/, https://href.li/?http://woocommerce.com/, https://www.beeper.com/, https://href.li/?https://www.tumblr.com/, https://href.li/?http://simplenote.com/, https://href.li/?http://jetpack.com/, https://href.li/?http://longreads.com/, https://href.li/?https://dayoneapp.com/, https://href.li/?https://www.pocketcasts.com/, and more. We believe in making the web a better place. We’re a distributed company with more than 1500 Automatticians in nearly every corner of the globe, speaking over a hundred different languages. Enriched by this diversity, we’re united by a singular mission: to democratize publishing, commerce, and messaging so anyone with a story can tell it, anyone with a product can sell it, and everyone can manage their communications from a single source. In short, we help maintain a balance in society, creating and continually refining powerful tools people can use to compete fairly—regardless of income, gender, politics, language, or where they live in the world. https://github.com/Automattic, and the vast majority of our work is available under the https://en.wikipedia.org/wiki/GNU_General_Public_License. Automattic is a https://mostlovedworkplace.com/companies/automattic-inc/, an Equal Opportunity employer, and https://disabilityconfident.campaign.gov.uk/. (https://happinessengineer.blog/2022/09/08/happiness-for-everyone-working-with-a-disability-at-automattic/.) If you need disability-related accommodations during the application or interview process, please https://automattic.com/disability-related-accommodation-request/. We are committed to ensuring an accessible hiring process for all candidates. Learn more about our https://automattic.com/automattician-resource-groups/. You can track your application status and more at https://my.greenhouse.io/users/sign_in. To learn about how we handle your data, please review our https://automattic.com/privacy/. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. View the “Know Your Rights: Workplace Discrimination is Illegal” poster https://automattic.wordpress.com/wp-content/uploads/2026/03/22-088_eeoc_knowyourrights6.12.pdf. Automattic participates in the https://automattic.wordpress.com/wp-content/uploads/2026/03/e-verify_participation_poster_eng_es.pdf in certain locations, as required by law. Offices: (Infrastructure);