Senior Security Engineer (Python, WordPress & PHP)

We are looking for a Senior Security Engineer who understands exploitation deeply but prefers building tooling and automation over one-off research. You will work on systems that:

1. Automatically generate and validate exploit PoCs for known WordPress / PHP CVEs
2. Analyze PHP execution traces from real zero-day attacks against WordPress installations
   

LLMs are a first-class component of this work—not a novelty—used to accelerate exploit reconstruction, PoC generation, and attack workflow automation.

This is an engineering role with offensive depth, not a traditional pentesting or red-team position.

What You’ll Build

• Systems to ingest, normalize, and analyze PHP execution traces:
  • Function calls, parameters, control flow, side effects
  • No native binary reversing — focus is PHP-level execution and logic
• Tooling that infers:
  • vulnerable code paths
  • authorization and logic flaws
  • nonce and state-handling weaknesses
• Automated pipelines that:
  • convert CVE descriptions + PHP source code into working PoCs
  • replay inferred exploit paths deterministically
• LLM-assisted frameworks for:
  • exploit skeleton generation
  • parameter and payload inference
  • exploit mutation and robustness testing
• High-fidelity exploit simulations targeting:
  • admin-ajax.php
  • WordPress REST APIs
  • plugin-specific endpoints
• Infrastructure that transforms exploit mechanics into signals usable by detection and prevention systems.

Requirements

Must have:

• Strong background in security engineering or offensive security automation.

• Hands-on experience exploiting WordPress plugins, themes, or PHP applications.
• Deep understanding of:
  • PHP execution model and request lifecycle
  • WordPress internals (nonces, hooks, REST, admin flows)
  • HTTP semantics, sessions, cookies, and authorization
• Proven ability to read, reason about, and exploit PHP source code.
• Strong Python engineering skills for building:
  • automation pipelines
  • analysis tooling
  • exploit frameworks

Nice to have:

• Exploit framework usage experience like, MSF, Core Impact, Immunity Canvas.
• Prior experience using LLMs to automate exploit development:
  
  • PoC generation
  • workflow automation
  • payload mutation or inference
• Experience with:
  • execution traces or application-level call graphs
  • fuzzing or vulnerability discovery pipelines
• Familiarity with tools like: WPScan, Nuclei, Metasploit, Burp.
• Contributions to exploit tooling, frameworks, or security automation.
• Public CVEs or PoCs (helpful but not required)
  
  

What This Role Is Not:

• Manual pentesting or report-driven consulting
• SOC or alert-triage work
• Pure vulnerability research without automation
  

This role is about engineering systems that scale exploitation knowledge.

Why This Role Is Interesting

• You’ll work with real zero-day attack telemetry, not just public CVEs.
• You’ll build repeatable systems, not one-off demos.
• LLMs are used pragmatically, as part of production pipelines.
• Your work directly shapes how real WordPress attacks are detected and stopped.
• High autonomy, deep technical ownership.

Benefits

What's in it for you?

• A focus on professional development.
• Interesting and challenging projects.
• Fully remote work with flexible working hours, that allows you to schedule your day and work from any location worldwide.
• Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leaves.
• Compensation for private medical insurance.
• Co-working and gym/sports reimbursement.
• Budget for education.
• The opportunity to receive a reward for the most innovative idea that the company can patent.