Role Description We manage a UK based prescription drug e-commerce site built on WordPress. For over a decade, the site has been flooded with spam user registrations despite using multiple plugins (mobile verification, math challenges, CAPTCHA, etc.). Spam accounts continue to bypass these measures. We need a developer who can think like an attacker, identify the loopholes, and implement a robust, long-term solution. - Audit the current WordPress registration and login flows, including all security plugins and custom code. - Identify how bots are circumventing existing protections (e.g., API abuse, headless browsers, plugin vulnerabilities). - Develop and implement advanced anti-spam measures tailored to the site's architecture (e.g., custom challenges, behavior analysis, honeypots, rate limiting, or integration with third-party services like Cloudflare Turnstile). - Ensure the solution is lightweight, user-friendly for genuine customers, and maintainable. - Provide documentation and a brief hand-off to the client. Qualifications - Proven experience with WordPress security, specifically combating spam registrations and bot attacks. - Strong PHP and WordPress development skills (themes, plugins, hooks, REST API). - Familiarity with modern anti-spam techniques (CAPTCHA variants, JavaScript challenges, IP analysis, browser fingerprinting, etc.). - Ability to reverse engineer how bots work and test your own solutions. - Portfolio of similar projects - please include links or descriptions of past work where you successfully reduced spam or secured a WordPress site. - Excellent communication in English (written and spoken). Requirements - Nice to Have(s): - Experience with e-commerce platforms (WooCommerce) and membership sites. - Knowledge of server-level security (e.g., fail2ban, ModSecurity) and CDN configurations. - Contributions to WordPress core or security plugins. Benefits - 100% remote - work from anywhere in your timezone. - Flexible hours - focus on delivery, not clock watching. - Direct collaboration with the client - no middlemen, no bureaucracy. - Impactful work - solve a decade-old problem that actually matters to the business. - Potential for ongoing work - if results are strong, there may be additional security projects. Company Description - 🚀 New Business Setup: HR operations, talent strategy, culture building - ⚡ Staffing Excellence: Tech recruitment, process optimization, digital transformation - 🎯 Career Coaching: Next-gen professional development, leadership training - 💡 Specialized: TRCP-certified, scaled 300+ tech hires, 96% success rate

The Company Cape was founded in early 2022 by Palantir and Anduril alums with deep expertise in privacy and national security. While running Palantir’s US national security business, our CEO became passionate about privacy and security on mobile devices. Our mission is to be a force for good in global wireless. At Cape, we are not just another cellular service provider; we are the architects of a privacy-centric movement that starts with the devices in your pocket. We are building a cellular network that helps citizens, including those responsible for our nation’s security, regain control of their own data. We believe that where we are, where we go, and whom we are with are among our most personal information and should be kept private. Privacy is not something you achieve by limiting yourself or by doing less, it is a set of features to be built so you can do more. We have raised money from Andreessen Horowitz and other top-tier VCs, and are excited to grow the team. The Team We are relentless builders, constantly innovating and pushing the boundaries of what a telco can do. At Cape we trust our teammates to be great, and expect them to make profound impact. As a member of our team, you will collaborate with some of the smartest engineers, architects, and builders anywhere, working across organizational lines to deliver for our customers, every time. The Role We are seeking an experienced Security Engineer with a specialization in product security to join our team. As a strategic partner, you will make an immediate impact by leveraging your expertise in cloud and application security. This role is pivotal in reducing risk across our AWS cloud environments, mobile core infrastructure, and mobile applications. You will be responsible for designing, implementing, and that comply with regulatory standards, enhance internal processes, and minimize data security risks. Through developing ongoing security strategies and technologies, you will support the organization's business objectives and daily operations. Responsibilities - Design, implement, and manage robust security controls and policies within AWS, focusing on the confidentiality, integrity, and availability of data and services. - Perform comprehensive security assessments of our cloud environments to identify vulnerabilities, assess risks, and recommend actionable mitigation strategies. - Lead the integration of security practices into the DevOps lifecycle, promoting secure development, deployment, and operational processes. - Utilize and optimize AWS security tools (such as Amazon GuardDuty, Amazon Inspector, AWS IAM, AWS KMS, AWS WAF, and AWS Shield) and explore third-party solutions to bolster our security posture. - Assist in running and address findings from penetration tests and security audits, and ensuring prompt and effective remediation. - Stay informed about the latest security threats, vulnerabilities, and compliance mandates affecting cloud environments, provide strategic guidance on technologies and best practices. - Provide expert mentorship to junior security team members and engineers across the company, to foster an organizational culture of security awareness and continuous improvement. - Collaborate with stakeholders to integrate security requirements effectively into engineering projects and broader business initiatives. Preferred Experience - Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience), Advanced degrees or certifications (e.g., CISSP, AWS Certified Security Specialty) are advantageous. - A minimum of 5 years of experience in information security, with at least 3 years concentrated on cloud security within AWS environments. - Deep understanding of AWS architecture, security services, and best practices for securing cloud applications and data. - Proficiency in using infrastructure as code (IaC) tools (like Terraform or AWS CloudFormation) and in automating security tasks within AWS. - Skilled in scripting languages (Python, TypeScript, Go) for the automation of security tasks and the integration of security tools. - Familiarity with containerization and microservices, particularly in securing stacks using these technologies. - Solid knowledge of network security, encryption technologies, and secure coding practices. - Excellent analytical skills for identifying and mitigating complex security vulnerabilities and risks. - Strong communication and leadership abilities, capable of working collaboratively across teams and effectively conveying technical information to non-technical stakeholders. - Organized and able to manage multiple priorities in a dynamic, fast-paced environment. Competencies Role competencies - Security Expertise: Experience finding and resolving security issues and vulnerabilities in code. Bug Bounty programs. Secure by design principals and working with engineers during design time. - Analytical: Collects data and information; uses critical thinking to solve problems and make sound decisions. - Collaboration & Teamwork: Builds partnerships with others to reach common goals. Able to share credit with coworkers, display enthusiasm and promote a friendly group working environment. Works closely with other departments as necessary, supports group decisions and solicits opinions from coworkers. - Communication: Presents information through verbal and written communication; reads and interprets complex information; listens well. Develops and delivers multi-mode communications that convey clear understanding of unique audiences. - Decision-Making: Acts quickly to solve problems and exercises good judgment by making sound and well-informed decisions. Perceives the impact and implications of decisions; makes effective and timely decisions, even when data is limited. - Dependability/Self-Management: Possesses the personal discipline and diligence necessary to keep commitments and to complete tasks. Is accountable for actions and outcomes. Makes effort to improve situations without explicit instructions; a self-starter who consciously manages his/her own time and resources. - Customer Centric: Values the importance of delivering high quality, innovative service to employees; understands the needs of the client; responds promptly and is accessible to them; follows through on commitments in a timely manner; maintains positive, long-term working relationships; assumes ownership of process issues and takes appropriate steps to mitigate problems. Gets consistently high feedback from stakeholders. Raises hand to help. - Flexibility / adaptability: Adjusts quickly to changing priorities, conditions, and challenges. Copes effectively with complexity and change. Is comfortable navigating ambiguity. Can handle business changes with ease and with a lack of frustration or feeling of defeat. Feels comfortable dealing with limited unknowns in an area they are well versed in. - Planning & Organization: Manages multiple projects, determines project urgency in a meaningful and practical way, uses goals to guide actions, creates detailed action plans, and organizes tasks. Cape-specific competencies - Do Excellent Work - Respect The Opportunity (each other, the user) - Overshare - Bias Towards Action We offer competitive compensation that is geo-adjusted based on your location, along with meaningful equity so you share in the value you help create. Our benefits include: - 401(k) match - 100% coverage of medical, dental, and vision premiums for you and your dependents - 12 weeks paid parental leave (for all parents, no waiting period) - Stipends for - Family-forming needs - Gender-affirming care - Unlimited PTO Our Culture - We are builders, and we choose to spend our time building things that matter. Many of our people have backgrounds in Defense Tech as well as the defense and intelligence community. We build to win. - We hire excellent people, give them outsized responsibility, and trust them to execute at a high level. Everyone here has a track record of solving hard problems throughout their careers. - We believe that personal privacy and national security interests are not inherently at odds, and can be reconciled via strong technology. - We believe that companies exist to build awesome things and take care of their people. Our benefits reflect that– top-tier health care, 401(k) matching, and a generous vacation policy (that we actually use). - We hire candidates of any race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, Veteran status, and any other status. Achieving diversity across these categories will serve to make our company stronger and our product better. How to apply Click the link below to apply. We reserve the right to make use of any unsolicited resumes received from outside recruiting agencies and / or individual recruiters without being responsible for payment of any fees asserted from the use of unsolicited resumes.

• You will support or manage the full lifecycle of vendor, application, compliance, and security assessments, including launch and coordination. • You will leverage your technical expertise to progress technical security assessments of new tools, applications and systems independently, including guiding end-to-end completion, developing pre and post implementation requirements, and managing exception requests. • You must coordinate with internal stakeholders including IT, compliance, procurement, legal, and other relevant teams to ensure comprehensive coverage and clarity of requirements. • You must maintain accurate documentation and reporting to facilitate transparency and informed decision-making. • You must continuously identify opportunities for process improvement, efficiency gains, and enhanced accuracy of assessments. • You will, at times, provide security consulting and influence adoption of security best practices. • You may support information security and data privacy compliance audits and associated activities or if needed, support incident response.

• Conduct physical security assessments of financial centers, offices, and ATMs to proactively identify vulnerabilities, evaluate risk exposure, and develop prioritized recommendations. • Provide operational oversight for security technologies such as alarm and fire systems, access control, and video surveillance. • Lead the planning and execution of system installations, upgrades, integrations and lifecycle management. • Partner with internal stakeholders and external vendors to ensure systems operate effectively, securely, and in compliance with organizational requirements. • Manage access control additions, including permissions, terminations and badging. • Serve as a primary responder and lead coordinator for security incidents. • Prepare incident reports, security-related assessments and other applicable reports upon request. • Deliver training and guidance to employees on security procedures, robbery response, alarm protocols, and overall security awareness. • Serve as a subject matter expert for internal business units and leadership, by advising on security risks, standards, and solutions.