Security Research Engineer for Wallarm

Security Research Engineer (Security Testing Product) for Wallarm - a San Francisco-based API security platform (remote)

Wallarm is an API security platform that focuses on protecting AI-driven innovation, modern applications, and cloud infrastructures. APIs, being the primary attack vector for cybercriminals, often face vulnerabilities that existing tools can't address effectively. Many API security solutions today only offer observability without the ability to prevent attacks, requiring complex deployments and significant human involvement.

Wallarm stands out by offering the fastest, easiest, and most effective way to stop API attacks. The platform provides a comprehensive inventory of APIs, patented AI/ML-based abuse detection, real-time blocking, and an API Security Operations Center (SOC)-as-a-service. Unlike traditional solutions that simply alert on suspicious behavior, Wallarm proactively works to fix API security issues, not just identify them. The platform can be easily deployed inline to block attacks, and its expert API SOC team ensures continuous protection 24/7/365.

Headquartered in San Francisco, California, Wallarm is supported by investors like Toba Capital, Y Combinator, Partech, and others.

More short facts about Wallarm:

• Global remote-first team of 100+ people on 4 continents and in 10+ countries.
• They have been protecting clients since 2014.
• The company has raised over $10M in investments.
• More than 200 customers around the world, including Fortune 500, Nasdaq, and high-growth startups choose Wallarm to protect their API and web applications.
• The company passed Y Combinator, the most prestigious incubator in Silicon Valley, from which Dropbox, Stripe, Docker, etc. came out.

About the role:

As a Security Research Engineer for our Security Testing Product, you will drive innovation in API security by researching, designing, and developing advanced testing capabilities. You will collaborate with engineering teams to identify and address emerging threats, ensuring our solutions remain at the forefront of the industry. This role requires deep technical expertise, a passion for security research, and the ability to translate complex vulnerabilities into actionable solutions.

Key Responsibilities:

• Security Research: Investigate emerging API threats, vulnerabilities, and attack vectors (e.g., OWASP API Top 10) to enhance our security testing capabilities.
• Feature Development: Design and implement new testing features, such as automated vulnerability scanning and API-specific threat detection, in collaboration with developers.
• Technical Leadership: Define technical requirements for complex security features and guide their implementation.
• Threat Analysis: Analyze industry trends, competitor offerings, and real-world attack patterns to inform product enhancements.
• Collaboration: Work closely with engineering, product, and customer success teams to integrate security best practices (e.g., OWASP API Top 10) into our solutions.
• Innovation: Propose and prototype cutting-edge testing methodologies, including AI-driven or MLOps-based approaches to threat detection.

Job Requirements:

Must-Have Skills:

• Proven experience as a Security Engineer, Security Researcher, or similar role in the security domain (e.g., SAST/DAST, Vulnerability Management, or API security).
• Strong understanding of API protocols such as JSON-API, GraphQL, XML-RPC, JSON-RPC, OData, gRPC, WebSocket, SOAP, and others.
• Expertise in application security concepts (e.g., OWASP Top 10, OWASP API Top 10) and vulnerability exploitation techniques.
• Past experience in automation for security testing tools and pentets.
• Knowledge of Secure Software Development Lifecycle (SSDLC) and integrating security solutions into CI/CD pipelines.
• Excellent communication skills to articulate complex security concepts to technical and non-technical stakeholders.

Nice-to-Have Skills:

• Expertise in API-specific attacks or participation in vulnerability assessments (e.g., bug bounty programs).
• Proficiency in programming languages like Python, Go, or Ruby for scripting and tool development.
• Familiarity with MLOps practices or AI-driven approaches to threat detection.

What we offer:

• The opportunity to work on a product that enhances Internet security.
• Fully remote work with flexible working hours.
• Competitive salary and performance-based bonuses.
• Paid time off.
• Medical insurance.
• Working equipment.
• Professional development and career growth opportunities.