Careers at Wordfence

Position Filled
Security Analyst :­ Forensics and Remediation

Wordfence is responsible for securing over 1 Million active WordPress websites. We are the most popular security product for WordPress publishers by a significant margin. We also help our customers recover from a hacked site.

We are looking for security analysts to join our forensics team. You will assist our customers to investigate how their site was hacked and to repair their site and remove all traces of the intrusion. In addition to this you will also collect evidence from intrusions that will help improve our product. You will need to determine how the intrusion occurred and then collect all IOC’s (indicators of compromise) and share this data with our product team in a structured way.

General requirements:
● You must be highly technical and be comfortable with a wide range of open source tools.
● Excellent written and verbal communication skills.
● You must work well in a team.
● You must be nimble, be able to come up with creative solutions to challenging problems and must have a mature approach to problem solving.
● Attention to detail.

Note: Applicants who can work weekends will be given priority consideration.

We are a small, fast moving and fast growing company with a loyal customer base who love our products and services. We have the highest star rating for any WordPress plugin in history and we pride ourselves on providing an excellent product with great customer service that helps secure small and large production websites.

If you’re passionate about information security and would like to help secure the web, this is your dream job. We have a friendly, highly capable team with a sense of humor who move fast. We take our team’s family time seriously and don’t ask you to work long hours if we can avoid it (we almost always can). Our entire team works remotely using Slack for casual interaction ­so you can live practically anywhere in the World as long as you have an Internet connection. Wordfence is high growth, but we are not a startup. The company is still controlled by the founders, we are profitable and have been for several years. So you will enjoy the rush of high growth but you won’t have to risk working for a company that is controlled by venture capitalists or may not be here tomorrow.


At Wordfence, ‘trust’ is the attribute we value most highly among our team members. We need to know that you can grab a task from a support ticketing system, communicate clearly with our customers and see the task to completion with excellent attention to detail.

We don’t micro­manage and we trust that you will be able to see tasks through to completion and communicate with your fellow team members when needed or ask for help when needed. You will be working for a company that has code protecting over 1 million production websites. It is a fast­ paced real­-time environment with new challenges daily.

The specific skills we require for this position are:
● At least 5 years of experience administering LAMP systems.
● Ability to program in PHP and Javascript. Other languages like Python a strong plus.
● Understanding of SQL and ability to use the mysql client.
● Experience investigating hacked websites, determining how the intrusion occurred and removing the intrusion and restoring the site to a fully functional state.
● An understanding of all major vulnerability types and the ability to explain them to a customer.
● Ability to analyze web log files and determine how an intrusion occurred.
● Must be able to use Linux shell tools like grep, find and any other utility that can assist with investigation and remediation.
● An understanding of regular expressions is a strong plus.
● Experience with WordPress required.
● You must be well versed in information security and any certifications you already have in penetration testing or forensics are a strong plus.


This is a part-time, remote position with flexible hours. You are able to set your own schedule and work from anywhere.

We have a unique process that we use when it comes to hiring our forensic and remediation team. It works as follows:

1.  The initial step is to fill in the form provided in this application. This is very important because we look at your answers to this form before we look at any other part of your application. The way you answer our form will largely determine if your application moves on to the next step.

2.  If approved, we will ask you to clean a hacked site. This is on a virtual machine hosted at Linode that we have infected with malware on purpose. This will be a paid engagement and you will be paid $100 for your time, even though this is a simulation.

3.  If you are able to successfully clean the hacked sample site, you will move on to a final phone interview via Skype. This may include some technical questions and you will need to have a computer and keyboard in front of you and be able to share your screen via Skype.

4.  If you are successful, you will join our fast paced team and start contributing valuable research to Wordfence and the larger online community. All Security Analyst positions start on a paid 3 week trial contract that is available part-time (at least 10 hours per week) with flexible hours.

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.