WordPress and Cloudflare Security Specialist

WordPress

Our client is a woman-owned and mission-driven cybersecurity company, working to advance the careers of and create job opportunities for women, people of color, LGBTQIA+, and other underrepresented folks across the globe, through their work with small and socially conscious organizations. They are a Public Benefit Corporation, a Certified B Corp, and a 1% for the Planet member. The team is now launching an innovative Work Integration Social Enterprise (WISE) that trains women in cybersecurity skills and provides real-world experience through client projects. This is a unique opportunity to build something impactful from the ground up.

They are seeking a WordPress & Cloudflare Security Specialist to implement and manage Cloudflare solutions while protecting their clients’ websites from evolving threats and maintaining compliance and optimal performance. You will thrive in this role if you are meticulous and detail-oriented, stay ahead of emerging security threats, and excel at educating non-technical clients about security best practices without overwhelming them. You’ll work closely with small business owners, marketing teams, and the Cybersecurity & IT Support Specialist to ensure comprehensive security across all digital platforms.

Job Responsibilities

Cloudflare Implementation & Management

  • Implement and manage Cloudflare for client websites, including initial setup and configuration
  • Handle DNS management and domain name migrations to Cloudflare
  • Configure and optimize Cloudflare security features (WAF, Rate Limiting, Bot Management)
  • Monitor and implement SSL/TLS certificates and ensure proper configuration
  • Configure Cloudflare Page Rules and other features
  • Troubleshoot Cloudflare-related issues and provide timely resolution

WordPress Security

  • Conduct WordPress security audits using comprehensive checklists covering core, plugins, themes, and server configurations
  • Implement and maintain WordPress security roadmaps tailored to each client’s risk profile and business needs
  • Perform security assessments covering authentication, authorization, API endpoints, headers, and vulnerability detection
  • Remediate security findings including malware removal, plugin/theme updates, and security hardening
  • Configure and manage security plugins and WAF implementations
  • Implement security headers (CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy)
  • Manage plugin and theme security including vetting, updates, and replacing insecure components
  • Configure secure file permissions, disable unnecessary services, and restrict access to sensitive endpoints

Website Administration & Support

  • Perform website migrations and ensure seamless transitions
  • Troubleshoot and resolve website security issues
  • Provide ongoing support for client websites
  • Deliver responsive support for urgent security issues and emergencies
  • Create and maintain security documentation and standard operating procedures

Required Skills

  • 3+ years hands-on experience with WordPress security, hardening, and vulnerability remediation
  • Proven expertise implementing and managing Cloudflare services, including DNS management and security features
  • Experience with domain migrations and DNS configuration
  • Strong knowledge of WordPress core architecture and common vulnerabilities (OWASP Top 10)
  • Proficiency with security plugins and WAF configuration
  • Experience implementing security headers 
  • Knowledge of malware detection, removal, and backup/disaster recovery solutions
  • Understanding of privacy compliance requirements for websites
  • Ability to explain security concepts clearly to non-technical business owners
  • Strong documentation skills and attention to detail
  • Excellent communication skills and ability to provide timely support

Preferred Skills

  • Advanced experience with Cloudflare Enterprise security features and Workers
  • Experience with Cloudflare for Teams or Zero Trust implementation
  • Basic PHP knowledge for security code reviews
  • Certifications: CEH, GWAPT, or WordPress security certifications
  • Experience with penetration testing tools and methodologies
  • Experience providing ongoing maintenance and support for multiple clients

Additional Information

  • Candidate must be available to work between the hours of 6am-5pm pacific, ideally 6am-9am pacific and/or 12pm-5pm pacific
  • Candidates who are aligned with advocacies for women’s empowerment and rights are highly preferred
  • Role includes a mix of project-based work and ongoing support work
  • Ability to respond to urgent security issues outside of regular hours may be needed occasionally
  • Rate: $15-$45 per hour depending on location
  • Hours: Project-based with ongoing support as needed (~20 hrs/month)

Requirements

Hours needed per week (approximate): less than 10 hours

These are the skills the Client is looking for:

SecurityWordPress

English proficiency level: Fluent