Senior Security Engineer (Python, WordPress & PHP) (Remote-Only, Europe)

CloudLinux is a global remote-first company driven by principles of doing the right thing, prioritizing employees, and delivering high-volume, low-cost Linux infrastructure and security products. Our solutions help companies increase operational efficiency, fostering a supportive team environment where everyone contributes to collective success.

Imunify360 Security Suite, a product of CloudLinux Inc., is recognized as the #1 OS in security and stability for hosting providers. This innovative security solution is specifically designed for shared and VPS/Dedicated servers, offering automated, easy-to-use, and comprehensive attack prevention through a six-layer security approach.

For more information about our Imunify360 Product, please visit https://www.imunify360.com/

We are developing an engineering-focused security platform to protect WordPress and its extensive plugin ecosystem. The primary challenge involves transforming real attacker behaviors into scalable, automated, and repeatable systems.

We are seeking a Senior Security Engineer with deep exploitation knowledge who prioritizes building tooling and automation over one-off research. In this role, you will contribute to systems that:

• Automatically generate and validate exploit Proof-of-Concepts (PoCs) for known WordPress / PHP CVEs.
• Analyze PHP execution traces derived from actual zero-day attacks targeting WordPress installations.

Large Language Models (LLMs) are a core component of this work, pragmatically used to accelerate exploit reconstruction, PoC generation, and attack workflow automation.

This is an engineering position with offensive security depth, distinct from traditional pentesting or red-team roles.

What You’ll Build

Systems to ingest, normalize, and analyze PHP execution traces, focusing on:

• Function calls, parameters, control flow, and side effects.
• PHP-level execution and logic, without native binary reversing.

Tooling designed to infer:

• Vulnerable code paths.
• Authorization and logic flaws.
• Nonce and state-handling weaknesses.

Automated pipelines that:

• Convert CVE descriptions and PHP source code into functional PoCs.
• Deterministically replay inferred exploit paths.

LLM-assisted frameworks for:

• Exploit skeleton generation.
• Parameter and payload inference.
• Exploit mutation and robustness testing.

High-fidelity exploit simulations targeting:

• admin-ajax.php
• WordPress REST APIs
• Plugin-specific endpoints

Infrastructure that translates exploit mechanics into actionable signals for detection and prevention systems.

Requirements

Must have:

• Strong background in security engineering or offensive security automation.
• Hands-on experience exploiting WordPress plugins, themes, or PHP applications.
• Deep understanding of:
  • PHP execution model and request lifecycle.
  • WordPress internals (nonces, hooks, REST, admin flows).
  • HTTP semantics, sessions, cookies, and authorization.
• Proven ability to read, reason about, and exploit PHP source code.
• Strong Python engineering skills for building:
  • Automation pipelines.
  • Analysis tooling.
  • Exploit frameworks.

Nice to have:

• Exploit framework usage experience (e.g., MSF, Core Impact, Immunity Canvas).
• Prior experience using LLMs to automate exploit development, including:
  • PoC generation.
  • Workflow automation.
  • Payload mutation or inference.
• Experience with:
  • Execution traces or application-level call graphs.
  • Fuzzing or vulnerability discovery pipelines.
• Familiarity with tools like WPScan, Nuclei, Metasploit, Burp.
• Contributions to exploit tooling, frameworks, or security automation.
• Public CVEs or PoCs (helpful but not required).

What This Role Is Not:

• Manual pentesting or report-driven consulting.
• SOC or alert-triage work.
• Pure vulnerability research without automation.

This role focuses on engineering systems that scale exploitation knowledge.

Why This Role Is Interesting

• Work with real zero-day attack telemetry, not just public CVEs.
• Build repeatable systems, not one-off demos.
• Utilize LLMs pragmatically within production pipelines.
• Directly influence the detection and prevention of real WordPress attacks.
• Enjoy high autonomy and deep technical ownership.

Benefits

What's in it for you?

• Focus on professional development.
• Engaging and challenging projects.
• Fully remote work with flexible hours, allowing worldwide location flexibility.
• Paid 24 days of vacation annually, 10 national holidays, and unlimited sick leaves.
• Compensation for private medical insurance.
• Co-working and gym/sports reimbursement.
• Budget for education.
• Opportunity for a reward for innovative, patentable ideas.

By applying for this position, you consent to the processing of your personal data as described in our Privacy Policy, which details our data maintenance and handling practices.