ARCHIVED
This job listing has been archived and is no longer accepting applications.
MisuJob - AI Job Search Platform MisuJob
Login Sign Up

Senior Security Engineer (Python, WordPress & PHP) (remote-only, Europe)

Cloudlinux

Sofia, Sofia City Province, Bulgaria Remote permanent

Posted: February 12, 2026

Interested in this position?

Create a free account to apply with AI-powered matching

Register to Apply

Quick Summary

Imunify360 Security Suite is a product of CloudLinux Inc., the maker of the #1 OS in security and stability for hosting providers. Imunify is an innovative security solution designed specifically for shared and VPS/D. The ideal candidate should have experience with Python, WordPress, and PHP.

Required Skills

Security Engineering Equipment Security PHP Development LLM Integration Automated Systems CVE Analysis Data-Driven Frameworks Debugging Simulation Security Products WordPress Exploitation PHP Execution Traces Exploit PoC Generation

Job Description

CloudLinux is a global remote-first company. We are driven by our principles: do the right thing, employees first, we are remote first, and we deliver high-volume, low-cost Linux infrastructure and security products that help companies to increase the efficiency of their operations. Every person on our team supports each other and does what we can to ensure we all are successful.

Imunify360 Security Suite is a product of CloudLinux Inc., the maker of the #1 OS in security and stability for hosting providers. Imunify is an innovative security solution designed specifically for shared and VPS/Dedicated servers. The automated, easy-to-use solution with the six-layer approach to security delivers comprehensive and complete attack prevention.

Check out our website for more information about our Imunify360 Product https://www.imunify360.com/

We are building an engineering-heavy security platform for protecting WordPress and its plugin ecosystem. The core challenge is turning real attacker behavior into automated, repeatable systems that scale.

We are looking for a Senior Security Engineer who understands exploitation deeply but prefers building tooling and automation over one-off research. You will work on systems that:

• Automatically generate and validate exploit PoCs for known WordPress / PHP CVEs
• Analyze PHP execution traces from real zero-day attacks against WordPress installations

LLMs are a first-class component of this work—not a novelty—used to accelerate exploit reconstruction, PoC generation, and attack workflow automation.

This is an engineering role with offensive depth, not a traditional pentesting or red-team position.

What You’ll Build

• Systems to ingest, normalize, and analyze PHP execution traces:
• Function calls, parameters, control flow, side effects
• No native binary reversing — focus is PHP-level execution and logic

• Tooling that infers:
• vulnerable code paths
• authorization and logic flaws
• nonce and state-handling weaknesses

• Automated pipelines that:
• convert CVE descriptions + PHP source code into working PoCs
• replay inferred exploit paths deterministically

• LLM-assisted frameworks for:
• exploit skeleton generation
• parameter and payload inference
• exploit mutation and robustness testing

• High-fidelity exploit simulations targeting:
• admin-ajax.php
• WordPress REST APIs
• plugin-specific endpoints

• Infrastructure that transforms exploit mechanics into signals usable by detection and prevention systems.


Requirements:
Must have:

• Strong background in security engineering or offensive security automation.

• Hands-on experience exploiting WordPress plugins, themes, or PHP applications.
• Deep understanding of:
• PHP execution model and request lifecycle
• WordPress internals (nonces, hooks, REST, admin flows)
• HTTP semantics, sessions, cookies, and authorization

• Proven ability to read, reason about, and exploit PHP source code.
• Strong Python engineering skills for building:
• automation pipelines
• analysis tooling
• exploit frameworks

Nice to have:

• Exploit framework usage experience like, MSF, Core Impact, Immunity Canvas.
• Prior experience using LLMs to automate exploit development:
• PoC generation
• workflow automation
• payload mutation or inference

• Experience with:
• execution traces or application-level call graphs
• fuzzing or vulnerability discovery pipelines

• Familiarity with tools like: WPScan, Nuclei, Metasploit, Burp.
• Contributions to exploit tooling, frameworks, or security automation.
• Public CVEs or PoCs (helpful but not required)

What This Role Is Not:

• ❌ Manual pentesting or report-driven consulting
• ❌ SOC or alert-triage work
• ❌ Pure vulnerability research without automation

This role is about engineering systems that scale exploitation knowledge.

Why This Role Is Interesting

• You’ll work with real zero-day attack telemetry, not just public CVEs.
• You’ll build repeatable systems, not one-off demos.
• LLMs are used pragmatically, as part of production pipelines.
• Your work directly shapes how real WordPress attacks are detected and stopped.
• High autonomy, deep technical ownership.


Benefits:
What's in it for you?

• A focus on professional development.
• Interesting and challenging projects.
• Fully remote work with flexible working hours, that allows you to schedule your day and work from any location worldwide.
• Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leaves.
• Compensation for private medical insurance.
• Co-working and gym/sports reimbursement.
• Budget for education.
• The opportunity to receive a reward for the most innovative idea that the company can patent.

By applying for this position, you consent to the processing of your personal data as described in our Privacy Policy (https://cloudlinux.com/candidate-privacy-notice), which provides detailed information on how we maintain and handle your data.

Why Apply Through MisuJob?

AI-Powered Job Matching: MisuJob uses advanced artificial intelligence to analyze your skills, experience, and career goals. Our matching algorithm compares your profile against thousands of job requirements to find positions where you have the highest chance of success. This saves you hours of manual job searching and ensures you only see relevant opportunities.

One-Click Applications: Once you create your profile, applying to jobs is effortless. Your resume and cover letter are automatically tailored to highlight the most relevant experience for each position. You can apply to multiple jobs in minutes, not hours.

Career Intelligence: Beyond job matching, MisuJob provides valuable career insights. See how your skills compare to market demands, identify skill gaps to address, and understand salary benchmarks for your experience level. Make data-driven decisions about your career path.

Frequently Asked Questions

How do I apply for this position?

Click the "Register to Apply" button above to create a free MisuJob account. Once registered, you can apply with one click and track your application status in your dashboard.

Is MisuJob free for job seekers?

Yes, MisuJob is completely free for job seekers. Create your profile, get matched with jobs, and apply without any cost. We help you find your dream job without any hidden fees.

How does AI matching work?

Our AI analyzes your resume, skills, and experience to understand your professional profile. It then compares this against job requirements using natural language processing to calculate a match percentage. Higher matches mean better fit for the role.

Can I apply to jobs in other countries?

Absolutely. MisuJob features jobs from companies worldwide, including remote positions. Filter by location or look for remote opportunities to find jobs that match your preferences.

Ready to Apply?

Join thousands of job seekers using MisuJob's AI to find and apply to their dream jobs automatically.

Create Free Account Sign In
← Browse all jobs
Register to Apply