Senior Security Engineer (Python, WordPress & PHP) (remote-only, Europe)

CloudLinux is a global remote-first company. We are driven by our principles: do the right thing, employees first, we are remote first, and we deliver high-volume, low-cost Linux infrastructure and security products that help companies to increase the efficiency of their operations. Every person on our team supports each other and does what we can to ensure we all are successful. 

Imunify360 Security Suite is a product of CloudLinux Inc., the maker of the #1 OS in security and stability for hosting providers. Imunify is an innovative security solution designed specifically for shared and VPS/Dedicated servers. The automated, easy-to-use solution with the six-layer approach to security delivers comprehensive and complete attack prevention.

Check out our website for more information about our Imunify360 Product https://www.imunify360.com/

We are building an engineering-heavy security platform for protecting WordPress and its plugin ecosystem. The core challenge is turning real attacker behavior into automated, repeatable systems that scale.

We are looking for a Senior Security Engineer who understands exploitation deeply but prefers building tooling and automation over one-off research. You will work on systems that:

1. Automatically generate and validate exploit PoCs for known WordPress / PHP CVEs
2. Analyze PHP execution traces from real zero-day attacks against WordPress installations
   

LLMs are a first-class component of this work—not a novelty—used to accelerate exploit reconstruction, PoC generation, and attack workflow automation.

This is an engineering role with offensive depth, not a traditional pentesting or red-team position.

What You’ll Build

• Systems to ingest, normalize, and analyze PHP execution traces:
  • Function calls, parameters, control flow, side effects
  • No native binary reversing — focus is PHP-level execution and logic
• Tooling that infers:
  • vulnerable code paths
  • authorization and logic flaws
  • nonce and state-handling weaknesses
• Automated pipelines that:
  • convert CVE descriptions + PHP source code into working PoCs
  • replay inferred exploit paths deterministically
• LLM-assisted frameworks for:
  • exploit skeleton generation
  • parameter and payload inference
  • exploit mutation and robustness testing
• High-fidelity exploit simulations targeting:
  • admin-ajax.php
  • WordPress REST APIs
  • plugin-specific endpoints
• Infrastructure that transforms exploit mechanics into signals usable by detection and prevention systems.

Requirements

Must have:

• Strong background in security engineering or offensive security automation.

• Hands-on experience exploiting WordPress plugins, themes, or PHP applications.
• Deep understanding of:
  • PHP execution model and request lifecycle
  • WordPress internals (nonces, hooks, REST, admin flows)
  • HTTP semantics, sessions, cookies, and authorization
• Proven ability to read, reason about, and exploit PHP source code.
• Strong Python engineering skills for building:
  • automation pipelines
  • analysis tooling
  • exploit frameworks

Nice to have:

• Exploit framework usage experience like, MSF, Core Impact, Immunity Canvas.
• Prior experience using LLMs to automate exploit development:
  • PoC generation
  • workflow automation
  • payload mutation or inference
• Experience with:
  • execution traces or application-level call graphs
  • fuzzing or vulnerability discovery pipelines
• Familiarity with tools like: WPScan, Nuclei, Metasploit, Burp.
• Contributions to exploit tooling, frameworks, or security automation.
• Public CVEs or PoCs (helpful but not required)
  
  

What This Role Is Not:

• ❌ Manual pentesting or report-driven consulting
• ❌ SOC or alert-triage work
• ❌ Pure vulnerability research without automation
  

This role is about engineering systems that scale exploitation knowledge.

Why This Role Is Interesting

• You’ll work with real zero-day attack telemetry, not just public CVEs.
• You’ll build repeatable systems, not one-off demos.
• LLMs are used pragmatically, as part of production pipelines.
• Your work directly shapes how real WordPress attacks are detected and stopped.
• High autonomy, deep technical ownership.

Benefits

What's in it for you?

• A focus on professional development.
• Interesting and challenging projects.
• Fully remote work with flexible working hours, that allows you to schedule your day and work from any location worldwide.
• Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leaves.
• Compensation for private medical insurance.
• Co-working and gym/sports reimbursement.
• Budget for education.
• The opportunity to receive a reward for the most innovative idea that the company can patent.

By applying for this position, you consent to the processing of your personal data as described in our Privacy Policy (https://cloudlinux.com/candidate-privacy-notice), which provides detailed information on how we maintain and handle your data.