Malware Intelligence Analyst (worldwide remote, work anywhere)

Imunify360 Security Suite is a product of CloudLinux Inc., the maker of the #1 OS in security and stability for hosting providers. Imunify is an innovative security solution designed specifically for shared and VPS/Dedicated servers. The automated, easy-to-use solution with the six-layer approach to security delivers comprehensive and complete attack prevention.

Check out our website for more information about our Imunify360 product: https://www.imunify360.com/.

Imunify360 scanners clean millions of infected files and websites every month. Behind this number is a team of malware analysts who reverse-engineer threats, write detection signatures, and build the intelligence layer that protects hundreds of thousands of web servers from small WordPress sites to infrastructure giants.

We're growing the Malware Processing Team and hiring analysts to work across time zones as we move to 24/7 malware coverage. You'll dissect real-world web malware obfuscated PHP backdoors, JavaScript injections, SEO spam, cryptominers and turn your findings into detection rules that ship to production and protect millions of websites.

This is a fully remote position with a fixed schedule tailored to your time zone and preferences.

What You'll Do

• Analyze and classify web malware: PHP shells, JavaScript injectors, WordPress backdoors, SEO spam, redirectors, cryptominers, and other threats targeting the hosting ecosystem
• Reverse-engineer obfuscated PHP and JavaScript to understand attacker techniques and extract detection patterns
• Write and refine PCRE-based detection signatures for our scanning engine precision matters, false positives erode customer trust
• Maintain processing SLAs as part of a globally distributed team providing round-the-clock malware coverage
• Research emerging threats new CMS exploitation techniques, supply-chain attacks on plugins/themes, zero-day delivery methods

Requirements

Must have:

• Strong PCRE regex expertise, you understand anchors, non-capturing groups, performance implications, and can write complex patterns that are both accurate and efficient
• 3+ years working with PHP and/or JavaScript, reading, understanding, and analyzing code (differentiate legitimate and malicious artifacts, no software engineering skills required)
• Web malware reverse engineering, JS deobfuscation, PHP deobfuscation, unpacking encoded payloads
• Understanding of web attack injection, XSS, RCE, file upload exploits, and how they manifest in hosting environments
• Familiarity with web server and shared hosting architecture, Apache/Nginx/LiteSpeed, Reverse Proxy, PHP handlers, WAF, Namespaces, cgroups, Linux File system permissions.
• English proficiency at upper-intermediate level or above.

Nice to have:

• Experience with WordPress internals (themes, plugins, hooks)
• Hands-on website cleanup or incident response experience
• Penetration testing or red team background
• Python scripting for automation and tooling
• Experience with YARA rules or other signature formats
• Familiarity with cPanel, Plesk, or DirectAdmin environments

We've intentionally broadened this list. If you bring strong analytical skills and a genuine curiosity about how malware works, but your background is in security research or adjacent fields rather than pure malware analysis, we want to hear from you. Our onboarding process and modern tooling will bridge the gaps.

Work Schedule

We operate a 24/7 malware processing pipeline with a 1-hour SLA. To make that sustainable and fair:

• You'll work a standard 5-day week (5 on / 2 off) on a fixed schedule aligned with your time zone and preferences — no mandatory rotation.
• Weekends and public holidays that fall within your schedule are compensated with either bonus payments or an extra vacation days.

Benefits

What's in it for you?

• 5-day week (5 on / 2 off) on a fixed schedule aligned with your time zone.
• Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leaves to ensure you maintain a healthy work-life balance.
• Compensation for private medical insurance.
• Co-working and gym/sports reimbursement.
• The opportunity to receive a reward for the most innovative idea that the company can patent, fostering a culture of creativity and innovation.

By applying for this position, you consent to the processing of your personal data as described in our Privacy Policy (https://cloudlinux.com/candidate-privacy-notice), which provides detailed information on how we maintain and handle your data.