WordPress and Cloudflare Security Specialist

Cloudflare Implementation & Management

• Implement and manage Cloudflare for client websites, including initial setup and configuration
• Handle DNS management and domain name migrations to Cloudflare
• Configure and optimize Cloudflare security features (WAF, Rate Limiting, Bot Management)
• Monitor and implement SSL/TLS certificates and ensure proper configuration
• Configure Cloudflare Page Rules and other features
• Troubleshoot Cloudflare-related issues and provide timely resolution

WordPress Security

• Conduct WordPress security audits using comprehensive checklists covering core, plugins, themes, and server configurations
• Implement and maintain WordPress security roadmaps tailored to each client's risk profile and business needs
• Perform security assessments covering authentication, authorization, API endpoints, headers, and vulnerability detection
• Remediate security findings including malware removal, plugin/theme updates, and security hardening
• Configure and manage security plugins and WAF implementations
• Implement security headers (CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy)
• Manage plugin and theme security including vetting, updates, and replacing insecure components
• Configure secure file permissions, disable unnecessary services, and restrict access to sensitive endpoints

Website Administration & Support

• Perform website migrations and ensure seamless transitions
• Troubleshoot and resolve website security issues
• Provide ongoing support for client websites
• Deliver responsive support for urgent security issues and emergencies
• Create and maintain security documentation and standard operating procedures

• 3+ years hands-on experience with WordPress security, hardening, and vulnerability remediation
• Proven expertise implementing and managing Cloudflare services, including DNS management and security features
• Experience with domain migrations and DNS configuration
• Strong knowledge of WordPress core architecture and common vulnerabilities (OWASP Top 10)
• Proficiency with security plugins and WAF configuration
• Experience implementing security headers
• Knowledge of malware detection, removal, and backup/disaster recovery solutions
• Understanding of privacy compliance requirements for websites
• Ability to explain security concepts clearly to non-technical business owners
• Strong documentation skills and attention to detail
• Excellent communication skills and ability to provide timely support

Preferred Skills

• Advanced experience with Cloudflare Enterprise security features and Workers
• Experience with Cloudflare for Teams or Zero Trust implementation
• Basic PHP knowledge for security code reviews
• Certifications: CEH, GWAPT, or WordPress security certifications
• Experience with penetration testing tools and methodologies
• Experience providing ongoing maintenance and support for multiple clients, * Candidate must be available to work between the hours of 6am-5pm pacific, ideally 6am-9am pacific and/or 12pm-5pm pacific
• Candidates who are aligned with advocacies for women's empowerment and rights are highly preferred
• Role includes a mix of project-based work and ongoing support work
• Ability to respond to urgent security issues outside of regular hours may be needed occasionally