Senior Software Engineer (Security)
As a Security Engineer, you will:
- Develop fixes for reported vulnerabilities and known issues.
- Research and identify vulnerabilities in code and mitigate them before they're discovered.
- Coordinate with other WordPress contributors and security team members to move forward stalled issues.
The Security Engineer position might be a good fit if you:
- Have a deep understanding of WordPress, its file, and database structures.
- Have experience writing and debugging WordPress plugins and themes.
- Have a deep foundation of PHP internals.
- Have a love for securing and protecting websites and applications.
- Understand security threats, vulnerabilities, and common attack vectors such as XSS, SQL injection, session management, and so on, and how to mitigate them.
- Have a deep understanding of HTTP(S) and networking protocols (e.g., TCP/IP).
- You are highly collaborative and love participating in code reviews and discussions about architecture or design.
- You are open and able to travel 3-4 weeks per year to meet your teammates in person.
- Reported vulnerabilities in the past.
- Experience with HackerOne.
- Experience with penetration testing and associated tools.
- Previous experience with malware detection systems.
- Are familiar with large-scale systems.
Speaking of interests and skills, here are some areas in which you can grow and have further impact in the future at the company:
- Leadership – we offer various leadership options to those who have an interest, including becoming a team lead and managing releases.
- Learning and development – we have a generous personal development budget and encourage you to grow your skills through courses, books, and conferences.
- Architecture – we encourage developers to develop expertise in the systems they work with, guide their evolution, and mentor other developers working on them.
- Engineering effectiveness – we believe in helping other developers become more effective through tools, practices, cross-team collaborations, and process improvements.
Meet the Team
How to apply
Does this sound exciting? If yes, click the Apply button below and fill out our application form. We are looking forward to having you in the process with us.
We are the people behind WordPress.com, WooCommerce, Tumblr, Simplenote, Jetpack, Longreads, Day One, PocketCasts, and more. We believe in making the web a better place.
We’re a distributed company with more than 1800 Automatticians in [automattic-country-count] countries speaking 90+ different languages. We democratize publishing and commerce so anyone with a story can tell it, and anyone with a product can sell it, regardless of income, gender, politics, language, or country.
We believe in Open Source and the vast majority of our work is available under the GPL.
Diversity, Equity, and Inclusion at Automattic
We’re improving diversity, equity, and inclusion in the tech industry. At Automattic, we want people to love their work and show respect and empathy to all. We welcome differences and strive to increase participation from traditionally underrepresented groups. Our DEI committee involves Automatticians across the company and drives grassroots change. For example, this group has helped facilitate private online spaces for affiliated Automatticians to gather and helps run a monthly DEI People Lab series for further learning. Diversity, Equity and Inclusion is a priority at Automattic, though our dedication influences far more than just Automatticians: We make our products freely available and translate our products into and offer customer support in numerous languages. We require unconscious bias training for our hiring teams and ensure our products are accessible across different bandwidths and devices. Learn more about our dedication to diversity, equity, and inclusion and our Employee Resource Groups.
Apply for this position