Threat Research Engineer

DataDome is one of the fastest-growing tech startups in Paris(e)We offer a cutting edge technology that protects online businesses (websites and mobile applications) against advanced cyber attacks.

Based on AI & Machine Learning, our cybersecurity solution can detect & block the most sophisticated bot attacks, in real-time.

We’re proud to protect more than 10 000 domains worldwide, including TripAdvisor, The New-York Times, Carrefour, BlaBlaCar, Rakuten, Veepee, Adevinta.

Our offices in Paris & New-York gather talents coming from 10 different nationalities(e)We all love our ideally located & modern offices, an accessible management team, offsite events and weekly team-building initiatives, a chill room that includes foosball, video games and a punching bag!

DataDome is #CustomerCentric, the solution is the leader on g2.com and 100% of our customers renew their subscription year after year.

Want to play your part in the war against bad bots? Join the team and become a Botbuster!

Our technical stack is mainly composed of a real-time detection layer in Java, a low latency Stream Engine running on Flink in Scala, ElasticSearch for the storage, Kafka for communication between layers, HAProxy for load balancing, Symfony 5 & Angular 9 for our dashboards.

We operate at scale and handle over 1 000 billion events per day giving responses within 3ms (99p)(e)Currently, we are present in more than 25 data centers around the world, deployed using Docker.

Our infrastructure is deployed on AWS, Azure, Scaleway, Vultr, and GCP, using Docker, Ansible and Terraform, and monitored with Grafana and Prometheus.

This stack is currently handling 500k requests per second and manages more than 300 TB of data.

We are looking for a seasoned Threat Research Engineer to:

• Internal bot detection red team:
  • Challenge our different bot detection mechanisms to ensure we properly detect bots(e)Create tools to automate this process.
  • Help detect bypasses proactively by analyzing different modules as well as potential misconfigurations on our customer websites
• Improve client-side bot detection:
  • add new signals to our JS tag to collect browser fingerprints capable of detection advanced bots that forge their fingerprints all while ensuring a good code quality.
  • Improve resilience of client-side code and the payloads sent by the code to make it more difficult for bots to forge payload
  • Collaborate with mobile team to collect new signals in our SDK to improve mobile bot detection
• Research
  • Collaborate with other member of the threat research teams as well as member of other teams to implement new approaches to improve bot detection, such as:
    • Improving botnet IPs detection
    • Improving detection of credential stuffing attack (speed and accuracy)
    • Creating/improving new client-side challenges such as CAPTCHAs, interstitial pages
• Communication:
  • Share your results externally using appropriate communication medium, such as meetups, conference talks, academic papers, blog posts

Should have

• At least 3 years of experience programming python and JS
• Strong computer science background
• Strong knowledge of web and network infrastructures
• Strong knowledge of web client side technologies
• A "hacker" spirit
• Experience in residential proxies or Bots creation
• Good communication skills (oral and written)

Nice to have

• Previous experience in a Cyber Security company
• Good communication skills

What are the next steps?

You x Talent Acquisition Manager : first interview and cultural fit

You x Engineering Manager: technical and cultural fit + Take-home technical challenge

You x Team: Presentation and review of your "technical proposal" with the team

You x Member of the leadership team - Discussion about DataDome vision and "raison d'être" ?

Now you really met everyone Welcome to DataDome :)

DataDome is an equal opportunity employer, and proud to be committed to diversity and inclusiveness(e)We will consider all qualified applicant without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.