About GoDaddy
GoDaddy powers the world’s largest cloud platform dedicated to small, independent ventures. With nearly 18 million customers worldwide and over 77 million domain names under management, GoDaddy is the place people come to name their idea, build a professional website, attract customers and manage their work. Our mission is to give our customers the tools, insights and the people to transform their ideas and personal initiative into success. To learn more about the company visit www.GoDaddy.com.
The Web Threat landscape is constantly evolving and in order to keep pace with new malware and vulnerabilities, GoDaddys Sucuri team seeks a Senior Threat Researcher who will hunt for malicious code and find new vulnerabilities to predict new trends. You will be working with our research team, collaborating with our active research, and writing for our labs.sucuri.net and blog.sucuri.net.
You can be based remote, working in any location in the U.S or any country where GoDaddy has operations!
In this role, you will Identify and understand malicious code written on the most common programming languages available for web development (PHP, ASP, JavaScript, HTML and others), look for malware on webpages using search tools (Google, Bing, DuckDuckGo), evaluate third party detections and validate if the detected code is indeed malicious, and create the detection accordingly as well as writing articles on the findings.
You’ll also review and reverse patches to understand the vulnerabilities fixed on a software release as well as find vulnerable code on existent software. All the findings will be used to protect our clients by writing virtual patching rules to our WAF.
This is a great opportunity for you to continue to develop your understanding of tactics and tricks used by malware, and to find reliable ways to automate discovery of infected sites.
Responsibilities
- Research new malware online
- Detecting trends and waves of infections
- Writing articles on findings
- Code reading to determine if a particular file is malicious or not
- Writing regular expressions to detect and remove malicious code
- Website cleanup and troubleshooting
Requirements
- Understanding of security principles and use good security practices in general
- Linux experience CLI and cPanel
- Experience with Apache, Nginx and other web servers
- Experience with WordPress, Joomla, Magento, vBulletin and other CMS software
- Web Malware Experience (decoding, understanding)
- PHP, Python and Shell scripting/automation
- Open source and community participation and contributions a plus
Tools We Work With
- Jira
- Bitbucket
- Trello
- GitHub
- Jenkins
- ElasticSearch
GoDaddy is proud to be an equal opportunity employer. We will not discriminate against any applicant or employee on the basis of age, race, color, creed, religion, sex, sexual orientation, gender, gender identity or expression, medical condition, national origin, ancestry, citizenship, marital status or civil partnership/union status, physical or mental disability, pregnancy, childbirth, genetic information, military and veteran status, or any other basis prohibited by applicable federal, state or local law. GoDaddy will consider for employment qualified applicants with criminal histories in a manner consistent with local and federal requirements.