Security Research Engineer - Security Testing

Short facts about us:

• We are a global remote-first team of 100+ people on 4 continents and in 10+ countries.

• We have been protecting our clients since 2014.

• The company has raised over $10M in investments.

• More than 200 customers around the world, including Fortune 500, Nasdaq, and high-growth startups choose Wallarm to protect their API and web applications.

• The company passed Y Combinator, the most prestigious incubator in Silicon Valley, from which Dropbox, Stripe, Docker, etc. came out.

Our product:

Wallarm API security solutions provide proven performance to support innovative companies serving millions of users and billions of API requests per month. Hundreds of Security and DevOps teams globally use Wallarm daily to:

1. Discover. See every asset across your entire attack surface—from cloud environments to every API endpoint with auto-discovery capabilities.

2. Protect. A single suite that goes beyond OWASP Top 10 for full coverage for API specific threats, account takeover, malicious bots, L7 DDoS, and more.

3. Respond. Streamline incident response with complete visibility, smart triggers, and active threat verification.

4. Test. Automate security testing of your APIs and web assets. Prioritize remediation for every asset, in every environment.

About the role:

As a Security Research Engineer for our Security Testing Product, you will drive innovation in API security by researching, designing, and developing advanced testing capabilities. You will collaborate with engineering teams to identify and address emerging threats, ensuring our solutions remain at the forefront of the industry. This role requires deep technical expertise, a passion for security research, and the ability to translate complex vulnerabilities into actionable solutions.

Key Responsibilities:

• Security Research: Investigate emerging API threats, vulnerabilities, and attack vectors (e.g., OWASP API Top 10) to enhance our security testing capabilities.  

• Feature Development: Design and implement new testing features, such as automated vulnerability scanning and API-specific threat detection, in collaboration with developers.  

• Technical Leadership: Define technical requirements for complex security features and guide their implementation.  

• Threat Analysis: Analyze industry trends, competitor offerings, and real-world attack patterns to inform product enhancements.  

• Collaboration: Work closely with engineering, product, and customer success teams to integrate security best practices (e.g., OWASP API Top 10) into our solutions.  

• Innovation: Propose and prototype cutting-edge testing methodologies, including AI-driven or MLOps-based approaches to threat detection.