Analyze and classify web malware: PHP shells, JavaScript injectors, WordPress backdoors, SEO spam, redirectors, cryptominers, and other threats targeting the hosting ecosystem
Reverse-engineer obfuscated PHP and JavaScript to understand attacker techniques and extract detection patterns
Write and refine PCRE-based detection signatures for our scanning engine precision matters, false positives erode customer trust
Maintain processing SLAs as part of a globally distributed team providing round-the-clock malware coverage
Research emerging threats new CMS exploitation techniques, supply-chain attacks on plugins/themes, zero-day delivery methods

Strong PCRE regex expertise, you understand anchors, non-capturing groups, performance implications, and can write complex patterns that are both accurate and efficient
3+ years working with PHP and/or JavaScript, reading, understanding, and analyzing code (differentiate legitimate and malicious artifacts, no software engineering skills required)
Web malware reverse engineering, JS deobfuscation, PHP deobfuscation, unpacking encoded payloads
Understanding of web attack injection, XSS, RCE, file upload exploits, and how they manifest in hosting environments
Familiarity with web server and shared hosting architecture, Apache/Nginx/LiteSpeed, Reverse Proxy, PHP handlers, WAF, Namespaces, cgroups, Linux File system permissions
English proficiency at upper-intermediate level or above

5-day week (5 on / 2 off) on a fixed schedule aligned with your time zone
Paid 24 days of vacation per year
10 days of national holidays
Unlimited sick leaves
Compensation for private medical insurance
Co-working and gym/sports reimbursement
Opportunity to receive a reward for the most innovative idea that the company can patent
Weekends and public holidays that fall within your schedule are compensated with either bonus payments or an extra vacation days

Remote (Worldwide)

CloudLinux is hiring a Malware Intelligence Analyst (worldwide remote, work anywhere)

Similar Jobs