Security Research Engineer - Detection Engineering

Key Responsibilities

• Develop, optimize, and maintain detection rules and signatures for all detection and edge defences.
• Develop context-enriched detections by leveraging user behavior analytics, traffic fingerprints, and API interaction context.
• Build and enhance Bot detection logic, identifying automated threats such as credential stuffing, scraping, API abuse, and fraud automation.
• Create correlation logic that combines multiple weak indicators (behavioral, request, session, and IP signals) into high-confidence detections.
• Research, design, and codify detections for the OWASP Top 10, OWASP API Top 10, and bot-driven attack vectors.
• Analyze large-scale security event telemetry to identify detection gaps, optimize existing rules, and reduce false positives.
• Collaborate with Engineering and Data Science teams to operationalize detection intelligence into Traceable’s engines.
• Continuously tune and validate detection rulesets based on real-world traffic, diverse customer environments, and evolving attacker behaviors.
• Build automation pipelines and validation frameworks to test detection logic and correlation performance.
• Investigate false positive/negative trends, and contribute to detection precision metrics.
• Analyze CVEs and emerging vulnerabilities, build proactive defenses, and publish research blogs or advisories based on findings.
• Contribute to product-level improvements by feeding back research insights into feature design and detection capabilities.

Required Skills & Experience

• 1 - 4 years of experience in security research, detection engineering.
• Strong background in WAF/WAAP detection, Bot detection.
• Hands-on experience writing rule logic:
• Coreruleset experience
• Deep understanding of regex
• Deep understanding of HTTP, API protocols, and common web attack payloads (XSS, SQLi, SSRF, Command Injection, Deserialization, etc.).
• Deep understanding of API Attack methodologies including OWASP API Top 10.
• Knowledge of GraphQL, gRPC and other protocols.
• Working knowledge of Bot behavior analysis, traffic fingerprinting, anti-automation, and CAPTCHA evasion tactics.
• Strong analytical ability to review false positives/negatives, perform event triage, and fine-tune detection coverage.
• Familiarity with API abuse detection, authentication attacks, and session-based correlation logic.
• Experience leveraging machine learning models or heuristic scoring for anomaly detection.
• Experience with writing signatures for any product.
• Experience building or tuning detection for OWASP Top 10 and API Top 10 categories.
• Understanding of alert workflows, and signal correlations.
• Proficiency in Java and Python for prototyping and automating rule validation workflows.
• Excellent communication, documentation, and cross-functional collaboration skills.

Nice to Have

• Contributions to open-source security projects, especially those related to the OWASP Top 10 or OWASP API Top 10.
• Experience developing custom WAF/WAAP rule engines, threat classifiers, or signal correlation pipelines.
• Background in API security, runtime protection, or detection engineering at scale.
• Authored publications, technical blogs, or delivered conference talks.