Senior Lead Security Engineer – Bot Management

Additionally, the Senior Lead Security Engineer will:

• Design, deploy, and optimize bot-mitigation and service-abuse controls, including WAF configurations, rate limiting, behavioral/velocity checks, challenge/attestation frameworks (e.g., Cloudflare Turnstile), device-telemetry validation, and API/form hardening.
• Develop and maintain automated detection capabilities leveraging IP/ASN intelligence, identity patterns, traffic analytics, and anomalous behavior models.
• Lead bot-related incident response activities, including triage, containment, root-cause analysis, and long-term remediation planning to support platform stability and operational continuity.
• Partner closely with Engineering, DevSecOps, Fraud Strategy, Fraud Operations, Data, and Product teams to integrate preventive and detective controls across the customer funnel.
• Drive the long-term bot-mitigation roadmap and capability vision in partnership with Engineering, Product, Fraud, Data, and DevOps, ensuring alignment with enterprise risk-reduction, platform resiliency, and operational efficiency goals.
• Establish monitoring, reporting, and multi-signal decisioning (signal-fusion) mechanisms to provide visibility into bot activity, control effectiveness, system performance impacts, and operational risk indicators.
• Evaluate new tools, technologies, and techniques related to bot detection, behavioral analytics, device attestation, signal fusion, and automated-abuse prevention; develop recommendations based on threat trends, performance considerations, and business requirements.
• Produce architectural documentation, detection logic specifications, technical standards, and operational runbooks that support scalable and repeatable defense capabilities.
• Guide engineering teams in embedding resilient security patterns into web and API designs and influencing product flows to reduce automated-abuse exposure.
• Mentor team members and contribute to the broader security engineering and service-abuse management knowledge base.

Development:

• Bachelor’s Degree in Information Security, Computer Science, Engineering, or equivalent work experience.
• 5+ years of experience in Security Engineering, Application Security, Detection Engineering, or Fraud/Abuse/Risk Engineering.
• Strong understanding of web architecture, microservices, RESTful APIs, and common automation-abuse vectors.
• Experience with WAF/CDN platforms, API security, or cloud-native security constructs (AWS preferred).
• Ability to analyze high-volume web data to identify automated, anomalous, or abusive patterns.
• Familiarity with automation or scripting languages (e.g., Python) for detection logic, data analysis, or security-control deployment.
• Experience with CI/CD processes, infrastructure-as-code, and security automation tools is a plus.
• Demonstrated ability to produce high-quality technical documentation, architectural diagrams, and detection logic specifications.

Leadership:

• Proven ability to lead complex cross-functional initiatives involving Engineering, DevOps, Product, Data, and Fraud teams.
• Comfortable interpreting, validating, and challenging business and technical requirements related to service-abuse prevention and automated-traffic protection.
• Ability to clearly communicate technical concepts, risk implications, emerging trends, and recommended actions to stakeholders at all levels.
• Demonstrated experience influencing engineering architecture, operational processes, and product decisions to strengthen security controls and system resiliency.
• Strong organizational skills, capable of driving multi-team execution while maintaining clarity of priorities and timelines.
• Ability to coach and mentor team members and contribute to the maturity of the broader security engineering function.

Culture:

• Advocates for Agile methodologies, iterative improvement, and cross-functional collaboration.
• Effective operating in a fast-paced environment emphasizing shared ownership, service reliability, and partnership across disciplines.
• Committed to continuous learning and staying current with emerging threats, automation techniques, bot-evasion tactics, and advancements in bot-mitigation technologies.
• Able to challenge assumptions constructively and support consensus-driven decision-making.
• Values knowledge sharing and contributes to organizational capability-building.
• Works effectively both independently and as part of a team.
• Excellent written and verbal communication skills.