Web Application Vulnerability Analyst Contractor
Location
Work from home | India
Job description
We are looking for a Web Application Vulnerability Analyst Contractor with a focus on WordPress to join our Threat Intelligence team. In this role, you will be expected to analyze newly reported WordPress plugin, theme, and core vulnerabilities to determine their exploitability, severity, impact and more, along with determining the existing coverage of the Wordfence firewall's rules. You will also be expected to triage incoming Bug Bounty report submissions, which involves validating reports and proposing bounties based on company-assessed impact.
Key Responsibilities:
- Triaging and validating vulnerability reports submitted to our Bug Bounty Program. This includes:
  - Quickly assessing impact to determine the order in which incoming submissions are processed.
  - Setting up a test environment to replicate any reported vulnerabilities.
  - Finding the source of the vulnerability in the source code, when not provided by the researcher.
  - Populating a vulnerability record based on the provided data.
  - Determining if a custom firewall rule needs to be developed for the vulnerability.
  - Providing a recommended solution to the developer for common vulnerabilities.
  - Proposing a bounty amount based on our internal calculator to reflect the severity and impact of the vulnerability.
  - Working with the customer service team that handles the responsible disclosure.
  - Validating that a patch is sufficient when released.
- Adding newly disclosed vulnerabilities from public data sources to our Vulnerability Database. This includes:
  - Fully analyzing the vulnerability to determine impact.
  - Identifying where in the code the vulnerability occurs.
  - Verifying that the issue is fully patched.
  - Formulating a CVSS score and choosing a CWE.
  - Populating a vulnerability record based on disclosed and newly discovered data.
  - Determining if a custom firewall rule needs to be developed for the vulnerability.
Our ideal candidate has:
- Certifications, or the desire to get certified (OSWE, eWPTx, PenTest+, Security+, eWPT, GWAPT, etc.).
- Experience formulating CVSS scores and identifying CWEs for vulnerability types.
- Ability to process large amounts of technical data consistently and accurately with minimal mistakes.
- Experience performing data-entry-related tasks where some technical proficiency and additional analysis is required prior to data entry.
- Familiarity with the and CVE IDs.
- An understanding of the WordPress threat model.
- Experience with writing and/or testing Web Application Firewall rules, or familiarity with the functionality of access control lists.
- Experience working with regular expressions (regex).
- Experience writing simple scripts to improve workflows and efficiency.
- Excellent communication skills.
Desired Qualifications:
- Technical experience with common web application vulnerabilities in WordPress plugins and themes.
- Ability to develop proofs of concept, programmatically or conceptually, to test the exploitability of vulnerabilities, and the general ability to read and understand programmatic and conceptual proofs of concept.
- Ability to replicate the exploitability of vulnerabilities in a test environment.
- Ability to review source code changes to determine if a vulnerability was patched, and what the patch was for.
- Experience generating and modifying requests.
- Experience working with Burp Suite, or similar proxy software, and a PHP debugger.
- Experience programmatically interacting with REST APIs.
- Comfort with diffing and searching files using command-line tools.
- A solid understanding of WordPress hooks, how they are used, and how they can lead to vulnerabilities.
- A solid understanding of the responsible disclosure process.
- Excellent analytical ability, the ability to think outside of the box, and an eagerness to learn.