CloudFlare
Security Researcher & Analyst - Application Security
CloudFlare, London, Kentucky, United States, 40741
Position Title
Security Researcher & Analyst - Application Security
Available Locations Bengaluru, London, Mexico
About The Department Cloudflare’s Application Security department builds and runs the software that detects and mitigates malicious, abusive, and fraudulent HTTP requests going through the Cloudflare network before they reach our customer sites. We achieve this by harnessing the vast amount of internet traffic data available to us to create and manage products including WAF, Bot Management, and Fraud Detection. We use cutting‑edge Artificial Intelligence and Machine Learning techniques in security attack detection and mitigation. The team is multidisciplinary, bringing together system and software engineers, security researchers and analysts, and data scientists to identify active adversaries, design and implement machine learning models, and engineering solutions to protect customers from security attacks.
What Youll Do
Hands‑on experience working with threat detection and prevention product engineering teams, recognizing vulnerabilities and configuring mitigations or managing risks in existing and new products.
Apply a deep understanding of security vulnerabilities in web application and application security.
Reverse and research n‑day exploits, proactively detect patterns of bot and fraud attacks, review false positive and false negative reports, and recommend security configurations.
Communicate security forensics to technical and non‑technical audiences, including writing public‑facing research blogs.
Author periodic reports on trends in Internet traffic and security attack insights.
Experience with modern cloud‑based technologies used to deliver rapidly‑changing products at scale.
Conduct penetration testing to identify security gaps and potential exploits across applications and services.
Develop, maintain, and enhance security dashboards to monitor and analyze attack trends, bot activity, and fraud detection metrics.
Leverage strong coding skills to build and automate security tools, improve system engineering workflows, and develop new security rules and heuristics.
Examples of desirable skills, knowledge and experience.
A degree in computer science, IT, systems engineering, or related qualification.
4 years of work experience with incident detection, incident response, forensics, reverse engineering, or security research.
Ability to work under pressure in a fast‑paced environment.
Strong analytical mind, attention to detail, and outstanding problem‑solving skills.
Great awareness of cybersecurity trends and hacking techniques.
Demonstrated results in identifying, tracking and resolving cybersecurity issues.
Strong written and verbal communication skills.
Experience in OWASP, security standards and best practice.
Strong SQL experience.
Proficiency in penetration testing methodologies, tools, and vulnerability assessment techniques.
Experience building security dashboards using tools like Grafana or similar visualization platforms.
Strong programming experience with expertise in Python, Go, Rust, or JavaScript to develop security tools and automation.
Prior experience or interest in Web Security, HTTP protocols, Python, Jupyter Notebook, and JavaScript is a huge plus.
Knowledge and experience with machine learning, statistical inference, and AI is a huge plus.
Bonus Points
Knowledge and experience with columnar databases like ClickHouse.
Familiarity writing and optimizing advanced SQL queries.
Good Linux/UNIX systems knowledge.
Presented at security conferences such as BlackHat, DefCon, or BSides.
What Makes Cloudflare Special? We are not just a highly ambitious, large‑scale technology company; we are one with a soul. Fundamental to our mission to help build a better Internet is protecting the free and open Internet.
Project Galileo: Since 2014, we’ve equipped more than 2,400 journalism and civil society organizations in 111 countries with powerful tools to defend themselves against attacks that would otherwise censor their work. These tools are also used by Cloudflare’s enterprise customers at no cost.
Athenian Project: In 2017, we created the Athenian Project to ensure that state and local governments have the highest level of protection and reliability for free, so that their constituents have access to election information and voter registration. Since the project, we’ve provided services to more than 425 local government election websites in 33 states.
1.1.1.1: We released 1.1.1.1 to help fix the foundation of the Internet by building a faster, more secure and privacy‑centric public DNS resolver. It is available publicly for everyone to use. We do not store client IP addresses, and we remain committed to our privacy commitment and ensuring no user data is sold to advertisers or used to target consumers.
Sound like something you’d like to be a part of? We’d love to hear from you!
Equal Employment Opportunity Declaration This position may require access to information protected under U.S. export control laws, including the U.S. Export Administration Regulations. Any offer of employment may be conditioned on your authorization to receive software or technology controlled under these U.S. export laws without sponsorship for an export license.
Cloudflare is proud to be an equal opportunity employer. We are committed to providing equal employment opportunity for all people and place great value in both diversity and inclusiveness. All qualified applicants will be considered for employment without regard to their, or any other person's, perceived or actual race, color, religion, sex, gender, gender identity, gender expression, sexual orientation, national origin, ancestry, citizenship, age, physical or mental disability, medical condition, family care status, or any other basis protected by law. We are an AA/Veterans/Disabled Employer.
Cloudflare provides reasonable accommodations to qualified individuals with disabilities. If you require a reasonable accommodation to apply for a job, please contact us via e‑mail at hr@cloudflare.com or via mail at 101 Townsend St. San Francisco, CA 94107.
PI279363766
#J-18808-Ljbffr
Available Locations Bengaluru, London, Mexico
About The Department Cloudflare’s Application Security department builds and runs the software that detects and mitigates malicious, abusive, and fraudulent HTTP requests going through the Cloudflare network before they reach our customer sites. We achieve this by harnessing the vast amount of internet traffic data available to us to create and manage products including WAF, Bot Management, and Fraud Detection. We use cutting‑edge Artificial Intelligence and Machine Learning techniques in security attack detection and mitigation. The team is multidisciplinary, bringing together system and software engineers, security researchers and analysts, and data scientists to identify active adversaries, design and implement machine learning models, and engineering solutions to protect customers from security attacks.
What Youll Do
Hands‑on experience working with threat detection and prevention product engineering teams, recognizing vulnerabilities and configuring mitigations or managing risks in existing and new products.
Apply a deep understanding of security vulnerabilities in web application and application security.
Reverse and research n‑day exploits, proactively detect patterns of bot and fraud attacks, review false positive and false negative reports, and recommend security configurations.
Communicate security forensics to technical and non‑technical audiences, including writing public‑facing research blogs.
Author periodic reports on trends in Internet traffic and security attack insights.
Experience with modern cloud‑based technologies used to deliver rapidly‑changing products at scale.
Conduct penetration testing to identify security gaps and potential exploits across applications and services.
Develop, maintain, and enhance security dashboards to monitor and analyze attack trends, bot activity, and fraud detection metrics.
Leverage strong coding skills to build and automate security tools, improve system engineering workflows, and develop new security rules and heuristics.
Examples of desirable skills, knowledge and experience.
A degree in computer science, IT, systems engineering, or related qualification.
4 years of work experience with incident detection, incident response, forensics, reverse engineering, or security research.
Ability to work under pressure in a fast‑paced environment.
Strong analytical mind, attention to detail, and outstanding problem‑solving skills.
Great awareness of cybersecurity trends and hacking techniques.
Demonstrated results in identifying, tracking and resolving cybersecurity issues.
Strong written and verbal communication skills.
Experience in OWASP, security standards and best practice.
Strong SQL experience.
Proficiency in penetration testing methodologies, tools, and vulnerability assessment techniques.
Experience building security dashboards using tools like Grafana or similar visualization platforms.
Strong programming experience with expertise in Python, Go, Rust, or JavaScript to develop security tools and automation.
Prior experience or interest in Web Security, HTTP protocols, Python, Jupyter Notebook, and JavaScript is a huge plus.
Knowledge and experience with machine learning, statistical inference, and AI is a huge plus.
Bonus Points
Knowledge and experience with columnar databases like ClickHouse.
Familiarity writing and optimizing advanced SQL queries.
Good Linux/UNIX systems knowledge.
Presented at security conferences such as BlackHat, DefCon, or BSides.
What Makes Cloudflare Special? We are not just a highly ambitious, large‑scale technology company; we are one with a soul. Fundamental to our mission to help build a better Internet is protecting the free and open Internet.
Project Galileo: Since 2014, we’ve equipped more than 2,400 journalism and civil society organizations in 111 countries with powerful tools to defend themselves against attacks that would otherwise censor their work. These tools are also used by Cloudflare’s enterprise customers at no cost.
Athenian Project: In 2017, we created the Athenian Project to ensure that state and local governments have the highest level of protection and reliability for free, so that their constituents have access to election information and voter registration. Since the project, we’ve provided services to more than 425 local government election websites in 33 states.
1.1.1.1: We released 1.1.1.1 to help fix the foundation of the Internet by building a faster, more secure and privacy‑centric public DNS resolver. It is available publicly for everyone to use. We do not store client IP addresses, and we remain committed to our privacy commitment and ensuring no user data is sold to advertisers or used to target consumers.
Sound like something you’d like to be a part of? We’d love to hear from you!
Equal Employment Opportunity Declaration This position may require access to information protected under U.S. export control laws, including the U.S. Export Administration Regulations. Any offer of employment may be conditioned on your authorization to receive software or technology controlled under these U.S. export laws without sponsorship for an export license.
Cloudflare is proud to be an equal opportunity employer. We are committed to providing equal employment opportunity for all people and place great value in both diversity and inclusiveness. All qualified applicants will be considered for employment without regard to their, or any other person's, perceived or actual race, color, religion, sex, gender, gender identity, gender expression, sexual orientation, national origin, ancestry, citizenship, age, physical or mental disability, medical condition, family care status, or any other basis protected by law. We are an AA/Veterans/Disabled Employer.
Cloudflare provides reasonable accommodations to qualified individuals with disabilities. If you require a reasonable accommodation to apply for a job, please contact us via e‑mail at hr@cloudflare.com or via mail at 101 Townsend St. San Francisco, CA 94107.
PI279363766
#J-18808-Ljbffr