Senior Software Engineer (Security)-Automattic

September 1, 2021
Urgent

Job Description

AS A SECURITY ENGINEER, YOU WILL:

  • Develop fixes for reported vulnerabilities and known issues.
  • Research and identify vulnerabilities in code and mitigate them before they’re discovered.
  • Coordinate with other WordPress contributors and security team members to move forward stalled issues.

THE SECURITY ENGINEER POSITION MIGHT BE A GOOD FIT IF YOU:

  • Have a deep understanding of WordPress, its file, and database structures.
  • Have experience writing and debugging WordPress plugins and themes.
  • Have a deep foundation of PHP internals.
  • Have experience in JavaScript APIs and React.
  • Have a love for securing and protecting websites and applications.
  • Understand security threats, vulnerabilities, and common attack vectors such as XSS, SQL injection, session management, and so on, and how to mitigate them.
  • Have a deep understanding of HTTP(S) and networking protocols (e.g., TCP/IP).
  • You are highly collaborative and love participating in code reviews and discussions about architecture or design.
  • You are open and able to travel 3-4 weeks per year to meet your teammates in person.

EXTRA CREDIT:

  • Reported vulnerabilities in the past.
  • Experience with HackerOne.
  • Experience with penetration testing and associated tools.
  • Previous experience with malware detection systems.
  • Are familiar with large-scale systems.

SPEAKING OF INTERESTS AND SKILLS, HERE ARE SOME AREAS IN WHICH YOU CAN GROW AND HAVE FURTHER IMPACT IN THE FUTURE AT THE COMPANY:

  • Leadership – we offer various leadership options to those who have an interest, including becoming a team lead and managing releases.
  • Learning and development – we have a generous personal development budget and encourage you to grow your skills through courses, books, and conferences.
  • Architecture – we encourage developers to develop expertise in the systems they work with, guide their evolution, and mentor other developers working on them.
  • Engineering effectiveness – we believe in helping other developers become more effective through tools, practices, cross-team collaborations, and process improvements.

MEET THE TEAM

Curious who works in engineering at Automattic? Meet our JavaScript Engineers – Lena and Riad.

HOW TO APPLY

Does this sound exciting? If yes, click the Apply button below and fill out our application form. We are looking forward to having you in the process with us.

ABOUT AUTOMATTIC

We are the people behind WordPress.comWooCommerceJetpackTumblrSimplenoteLongreadsDay One, and more. We believe in making the web a better place.

We’re a distributed company with more than 1600 Automatticians in 80+ countries speaking 90+ different languages. We democratize publishing and commerce so anyone with a story can tell it, and anyone with a product can sell it, regardless of income, gender, politics, language, or country.

We believe in Open Source and the vast majority of our work is available under the GPL.

DIVERSITY, EQUITY, AND INCLUSION AT AUTOMATTIC

We’re improving diversity, equity, and inclusion in the tech industry. At Automattic, we want people to love their work and show respect and empathy to all. We welcome differences and strive to increase participation from traditionally underrepresented groups. Our DEI committee involves Automatticians across the company and drives grassroots change. For example, this group has helped facilitate private online spaces for affiliated Automatticians to gather and helps run a monthly DEI People Lab series for further learning. Diversity, Equity and Inclusion is a priority at Automattic, though our dedication influences far more than just Automatticians: We make our products freely available and translate our products into and offer customer support in numerous languages. We require unconscious bias training for our hiring teams and ensure our products are accessible across different bandwidths and devices. Learn more about our dedication to diversity, equity, and inclusion and our Employee Resource Groups.