Threat Research Engineer - Web Security

About the Product: Our company is dedicated to providing comprehensive web security solutions, protecting our customers from a wide range of threats, including L7 bot attacks, DDoS, OWASP top 10 vulnerabilities, WAF, and API security. As part of our Web Security team, we are leveraging AI to enhance our threat detection and mitigation strategies, ensuring robust and dynamic protection for our clients.

What You Will Do: As a Threat Research Engineer, you will be pivotal in enhancing our web security product. You will identify and mitigate new threats, develop automated pipelines for integrating security measures, and contribute to the development and continuous training of AI models for threat detection.

Your Responsibilities:

• Identify and research emerging threats targeting web applications, including L7 bot attacks, DDoS, OWASP top 10 vulnerabilities, WAF, and API security.
• Develop and maintain automated pipelines to integrate new security measures, including scanning, monitoring, and enabling countermeasures.
• Participate in the development and refinement of AI models to replace traditional regex-based rules, ensuring continuous training and testing of these models.
• Collaborate with the Web Security team to implement and enhance AI-driven decision-making processes for threat detection and mitigation.
• Stay updated with the latest security trends, vulnerabilities, and attack vectors to proactively protect our customers.
• Write articles on fresh attacks mitigated by us, sharing valuable insights and knowledge with the broader security community.

Requirements

We Expect You to Have:

• Extensive experience in web security, with a focus on L7 bot attacks, DDoS protection, OWASP top 10 vulnerabilities, WAF, and API security.
• Proficiency in developing automated security pipelines using industry-standard tools and frameworks.
• Experience with AI/ML models, particularly in the context of security and threat detection.
• Deep understanding of web security principles, attack vectors, and mitigation techniques.
• Familiarity with scripting and programming languages commonly used in threat research (e.g., Python, JavaScript).
• Knowledge of modern CI/CD practices and automation tools to ensure efficient deployment and monitoring of security measures.
• Strong problem-solving skills and a proactive approach to identifying and addressing security threats.