Malware Intelligence Analyst (Worldwide Remote)

Imunify360 Security Suite, a product of CloudLinux Inc., offers an innovative security solution for shared and VPS/Dedicated servers. Known for its #1 OS in security and stability for hosting providers, Imunify delivers comprehensive and complete attack prevention through an automated, easy-to-use, six-layer security approach.

For more information about our Imunify360 product, please visit our website: https://www.imunify360.com/.

Imunify360 scanners actively clean millions of infected files and websites monthly. This critical work is supported by a dedicated team of malware analysts who reverse-engineer threats, develop detection signatures, and build the intelligence layer safeguarding hundreds of thousands of web servers, from small WordPress sites to large infrastructure.

We are expanding our Malware Processing Team and seeking malware analysts to provide 24/7 coverage across various time zones. In this role, you will dissect real-world web malware, including obfuscated PHP backdoors, JavaScript injections, SEO spam, and cryptominers. Your findings will be transformed into production-ready detection rules, protecting millions of websites.

This is a fully remote position, offering a fixed schedule customized to your time zone and preferences.

What You'll Do

• Analyze and classify web malware, including PHP shells, JavaScript injectors, WordPress backdoors, SEO spam, redirectors, cryptominers, and other threats targeting the hosting ecosystem.
• Reverse-engineer obfuscated PHP and JavaScript to understand attacker techniques and extract detection patterns.
• Write and refine PCRE-based detection signatures for our scanning engine, prioritizing precision to maintain customer trust.
• Maintain processing SLAs as part of a globally distributed team providing round-the-clock malware coverage.
• Research emerging threats such as new CMS exploitation techniques, supply-chain attacks on plugins/themes, and zero-day delivery methods.

Requirements

Must have:

• Strong PCRE regex expertise, including understanding anchors, non-capturing groups, performance implications, and the ability to write accurate and efficient complex patterns.
• 3+ years of experience working with PHP and/or JavaScript, focusing on reading, understanding, and analyzing code to differentiate legitimate and malicious artifacts (software engineering skills not required).
• Proficiency in web malware reverse engineering, JavaScript deobfuscation, PHP deobfuscation, and unpacking encoded payloads.
• Understanding of web attack injection techniques, including XSS, RCE, and file upload exploits, and their manifestation in hosting environments.
• Familiarity with web server and shared hosting architecture, such as Apache/Nginx/LiteSpeed, Reverse Proxy, PHP handlers, WAF, Namespaces, cgroups, and Linux File system permissions.
• English proficiency at an upper-intermediate level or above.

Nice to have:

• Experience with WordPress internals (themes, plugins, hooks).
• Hands-on website cleanup or incident response experience.
• Penetration testing or red team background.
• Python scripting for automation and tooling.
• Experience with YARA rules or other signature formats.
• Familiarity with cPanel, Plesk, or DirectAdmin environments.

We encourage applications from candidates with strong analytical skills and a genuine curiosity about malware, even if your background is in security research or adjacent fields rather than pure malware analysis. Our comprehensive onboarding process and modern tooling will help bridge any skill gaps.

Work Schedule

We maintain a 24/7 malware processing pipeline with a 1-hour SLA. To ensure a sustainable and fair work environment:

• You will work a standard 5-day week (5 on / 2 off) on a fixed schedule, aligned with your time zone and preferences, with no mandatory rotation.
• Weekends and public holidays falling within your schedule are compensated with either bonus payments or additional vacation days.

Benefits

What's in it for you?

• A 5-day work week (5 on / 2 off) with a fixed schedule aligned to your time zone.
• Paid time off including 24 vacation days per year, 10 national holidays, and unlimited sick leave to support a healthy work-life balance.
• Compensation for private medical insurance.
• Reimbursement for co-working spaces and gym/sports activities.
• Opportunity to receive a reward for innovative, patentable ideas, fostering a culture of creativity.

By applying for this position, you consent to the processing of your personal data as described in our Privacy Policy, which details how we maintain and handle your data.