We are looking for a Vulnerability Data Entry Analyst with a focus on WordPress to join our Threat Intelligence team. In this role, you will be expected to find and process WordPress plugin, theme, and core related vulnerability data to create comprehensive vulnerability entries that will be stored in a database. This will involve reviewing vulnerability records, finding resources to validate the vulnerability records, and populating the data needed to complete those records.
This is a contract position with a strict deadline for completion of the outlined tasks; expected 30 - 40 hours of work per week for approximately 9 weeks.
The hourly rate is $30 - $40USD depending on experience with a $1,000 one time hiring bonus. $500 bonus every 3 weeks when performance indicators are met with quality work.
You'll work with a talented and highly-motivated team that is friendly, fast-moving, self-managing, and highly capable with a sense of humor. Our team's family time is important; we won't typically require long hours when we can avoid it, which is almost always. Our entire team works remotely using Slack for casual interaction, so you can live practically anywhere in the World if you have an Internet connection. There's no micro-management here—we trust that you will see tasks through to completion and communicate with your fellow team members when needed or ask for help when needed.
At Defiant, ‘trust’ is the attribute we value most highly among our team members. We need to know that you can grab a task, communicate clearly with stakeholders, and see the task to completion with superb attention to detail.
We use apps like Slack, FogBugz, GitHub, and Google Apps for our workflow.
- Process and create vulnerability entries for WordPress related vulnerabilities. This consists of calculating a CVSS score, choosing an appropriate CWE based on vulnerability type, writing an accurate description that details the impact of a vulnerability, finding and populating external resources that provide data on a vulnerability, validating affected version ranges along with patched versions, and more.
- Performing reconnaissance to find resources on vulnerabilities that can assist in populating vulnerability data.
- Researching and validating historical vulnerability data to populate new vulnerability entries.
Our ideal candidate has:
- Certifications related to Data Entry or Information Security.
- Experience with vulnerability research in the WordPress ecosystem.
- Ability to easily identify patched vulnerabilities based on changesets in WordPress software, like plugins and themes.
- Ability to validate vulnerabilities through publicly available proof of concepts or through the creation of proof of concepts.
- Ability to assign Common Vulnerability Scoring System(CVSS) scores to WordPress software related vulnerabilities accurately.
- Familiarity with the Common Vulnerability Scoring System(CVSS).
- Familiarity with Common Weakness Enumeration(CWE) and ability to assign an appropriate CWE for different vulnerability types.
- Experience performing data entry related tasks where some technical proficiency and additional analysis is required prior to data entry.
- Experience writing short descriptions for vulnerabilities.
- Experience with web application based vulnerabilities, such as WordPress plugin, theme, and core vulnerabilities.
- Ability to process large amounts of data consistently and accurately with minimal mistakes.
- The ability to speak and write fluently in English.
- Excellent analytical ability
All positions require a trial period of approximately 2-3 weeks with a minimum commitment of 10 hours per week. You will be paid for this short-term contract, and it will be used to evaluate whether both parties want to pursue an ongoing, regular employment relationship.
All offers of employment are contingent on successful completion of a background check. The results of the background check are considered as they relate to the position and do not automatically disqualify someone from a offer of employment with the company.
Telecommuting with a company that has been 100% remote for over 8 years.
Diversity at Defiant
We value diversity and do not discriminate based on race, color, religion or creed, national origin or ancestry, sex, age, physical or mental disability, military or veteran status, gender identity or expression, marital status, sexual orientation, political ideology, economic status, parental status, or any other non-performance-related status.