Web App Vulnerability Researcher

Patchstack is looking for a Threat Analyst who has a deep personal interest in web application security and who can help us validate vulnerability reports and perform code-reviews on PHP applications. Do you have previous experience with performing code-reviews and finding security vulnerabilities in web applications? Would you be excited to make millions of websites more secure? Are you excited to work in a full-remote globally distributed company? Patchstack is a cyber security company helping companies and software developers to identify & patch vulnerabilities in open-source code. We have a strong community focus with our own gamified bug bounty program called Patchstack Alliance.

Most importantly, we're looking for a full-time team member who is an excellent communicator can grow with the rest of the team.

Day-to-day tasks include:

  • Threat hunting to find and analyze new vulnerabilities
  • Validate new vulnerabilities reported by our community (Patchstack Alliance)
  • Create and test virtual patches for new vulnerabilities
  • Research and write in-depth articles about new threats and vulnerabilities
  • Conduct pen-testing and code-reviews against PHP based applications
  • Must be familiar with industry standards like OWASP TOP 10, CVSS


  • Timezone: EEST (+/- 2 hours)
  • Deep personal motivation to make the web a safer place for everyone
  • Deep knowledge about AppSec
  • Previous experience with security testing
  • Fluent English in both speaking and writing
  • Outstanding communication skills
  • Good understanding of PHP and regex

Would be helpful:

  • Knowledge about WordPress and other PHP based content management systems
  • Previous experience working in a web hosting or web security company
  • Previous experience with analyzing malware from infected websites
  • Previous vulnerability research and findings
  • Previous experience working in a remote team
  • Industry certifications

What Patchstack can offer:

  • Highly impactful work
  • No corporate environment
  • Paid training for work-related personal development
  • Paid vacations (35 days a year)
  • Full-time telecommuting in a globally distributed team
  • Co-working space membership or WFH equipment for home-office
  • Fitness club or a local gym membership
  • Competitive salary with stock options plan
  • Awesome team members!

Cyber Security Jobs by Category

Cyber Security Salaries