Head of Security Research

Posted Aug 30

Job description

Short facts about us:

  • We are a global remote-first team of 100+ people on 4 continents and in 10+ countries.
  • We have been protecting our clients since 2014.
  • The company has raised over $10M in investments.
  • More than 200 customers around the world, including Fortune 500, Nasdaq, and high-growth startups, choose Wallarm to protect their APIs and web applications.
  • The company is a graduate of Y Combinator, the most prestigious incubator in Silicon Valley, which also produced Dropbox, Stripe, Docker, etc.

Our product:

Wallarm API security solutions provide proven performance to support innovative companies serving millions of users and billions of API requests per month. Hundreds of Security and DevOps teams globally use Wallarm daily to:

  1. Discover. See every asset across your entire attack surface—from cloud environments to every API endpoint with auto-discovery capabilities.
  2. Protect. A single suite that goes beyond OWASP Top 10 for full coverage of API-specific threats, account takeover, malicious bots, L7 DDoS, and more.
  3. Respond. Streamline incident response with complete visibility, smart triggers, and active threat verification.
  4. Test. Automate security testing of your APIs and web assets. Prioritize remediation for every asset, in every environment.

Our technology stack:

  • Frontend: the system management interface is written in React and is a Single Page Application.
  • Filtering node: the node that filters attacks requires maximum performance, which is why we chose C for its development.
  • Backend: we mainly use Ruby (RoR for API only and Sinatra) and Golang (Gin); some components and modules are written in Python (aiohttp, Flask, FastAPI).
  • QA: the department uses Python to develop integration autotests.
  • Cloud: GCP, Terraform, AWS
  • Databases: PostgreSQL, Elasticsearch, Riak/S3, Tarantool, and Redis
  • DevOps: Kubernetes, Docker, Prometheus, Grafana, EFK, Linux

In this role you will:

Security research domain:

  • Organizing the process of analyzing actual web/API threats.
  • Taking part in the review, quality control, and technical design of the threat detection and prevention mechanisms.
  • Constantly generating and pushing ideas for improving current security products.
  • Organizing and leading complex security research.
  • Leading the security research team, people management, etc.
  • Defining the vision and strategy of the security value that Wallarm provides to customers.

Product management domain:

  • Work closely with key customers to gather and analyze customer problems and use cases to gain a deep understanding of requirements.
  • Develop and maintain a detailed requirements backlog and a roadmap supported by market analysis and competitive positioning.
  • Take an active role in defining the future Wallarm API Security Platform, create and maintain a vision for your product area, and suggest new innovative features that can become competitive advantages.
  • Facilitate communication and work collaboratively throughout the development process between various internal teams, including engineering, marketing, sales, customer support, and executives.

Job requirements

In this role you’ll need:

  • Excellent communication and interpersonal skills
  • Experience in web application audits
  • Deep knowledge of all types of attacks on web applications (CWE, OWASP Top 10, OWASP API Top 10); understanding of various protocols and attacks on them (JWT, GraphQL, Websockets, etc.).
  • Prior experience in leadership roles, leading and managing one or more teams.
  • Strong mathematical background and ability to apply mathematical principles effectively in the context of cybersecurity research.

Additional advantages will be:

  • Professional publications and/or speaker experience at specialized conferences
  • Experience participating in bug bounty programs and CTFs
  • IS certifications (OSCP, OSWE, etc.)
  • Proficiency in a programming language

What we offer:

  • Ability to work on a product that makes the Internet safer
  • Completely remote work and flexible working hours
  • Competitive salary and bonuses
  • Paid days off
  • Medical insurance
  • Working equipment
  • Professional development and career growth