About the Role

We’re looking for a security-minded analyst with a deep understanding of internet protocols, automation patterns, and detection mechanisms.

In this role, you’ll focus on analysing and mitigating bot threats, improving system resilience, and ensuring reliable access to public data sources.

You’ll work closely with engineering teams to simulate real-world traffic, identify weaknesses in detection systems, and help design solutions that align with platform guidelines while ensuring performance and reliability. And most importantly - you'll get to work in a highly technical team that values creativity, autonomy, and deep problem-solving in a super flexible environment, modern stack, and a chance to impact real-world performance at scale.

Responsibilities

• Research and analyse anti-bot protections (WAFs, captchas, fingerprinting, etc.) to improve service stability and response handling.

• Monitor public websites for access disruptions, and diagnose root causes at the network, browser, or protocol level.

• Reverse engineer modern client-side JavaScript defences used by bot mitigation vendors

• Implement systems that mimic human-like behaviour in client traffic to reduce false-positive bot detections.

• Continuously evaluate the performance and detectability of automated systems in high-security environments.

• Collaborate with developers to build more resilient, compliant, and efficient data access pipelines.

• Create detailed documentation, technical assessments, and threat models for ongoing protections.

Requirements

• Proven offensive application security background

• Strong understanding of HTTP, TLS, DNS, WebSocket, and general internet protocols.

• Familiarity with bot detection systems, fingerprinting techniques, and rate-limiting behaviours.

• Hands-on experience with browser automation frameworks (e.g., Puppeteer, Playwright, Selenium).

• Ability to dissect and debug traffic using tools like Wireshark, Burp Suite, mitmproxy, or browser DevTools.

• Solid coding skills in Python, Node.js, Go, or similar.

• Comfortable working independently and taking ownership of technical investigations.

Bonus Points

• Experience building or defending against bot mitigation systems.

• Understanding of cloud WAFs (e.g., Cloudflare, Akamai, PerimeterX).

• Knowledge of browser fingerprinting and client behaviour modelling.

• Previous work in security research, threat analysis, or high-scale automation.