Senior Security Researcher & Analyst - WAF Application Security Experts jobs in United States

Cloudflare · 2 hours ago

Senior Security Researcher & Analyst - WAF Application Security Experts

Cloudflare is a mission-driven company focused on building a better Internet. They are seeking a Senior Security Researcher & Analyst to enhance their WAF application security capabilities by researching and improving detection logic to protect customer applications from web threats.

Analytics, Enterprise Software, Security, Web Hosting
H1B Sponsor Likely

Responsibilities

Analyze web exploits and vulnerability patterns (RCE, SQLi, XSS, SSRF, deserialization, etc.) and build corresponding WAF mitigations
Collaborate with product engineering and data teams to tune detection efficacy - reducing false positives/negatives across large-scale, high-volume traffic
Develop, test, and deploy WAF managed rules and exploit signatures based on public CVEs, threat intelligence, and internal telemetry
Perform targeted penetration testing and red-team style assessments to uncover gaps in Cloudflare’s WAF coverage and propose mitigations
Leverage strong coding skills to automate rule validation, testing pipelines, and data analysis workflows
Conduct research on attacker behaviors, evolving exploit chains, and web attack automation trends
Produce internal and external research reports summarizing Internet-wide attack trends and WAF efficacy insights
Collaborate closely with Bot Management, Fraud, and ML teams to design cross-signal detection frameworks that unify WAF and behavioral defenses
Communicate complex technical findings clearly to both engineering and non-technical audiences

Qualification

Web Application Security, WAF rule development, Vulnerability analysis, Programming Python, Programming Go, Programming Rust, Data analysis SQL, Data analysis BigQuery, Analytical mindset, Linux/UNIX systems, Machine learning familiarity, Communication skills, Fast-paced environments

Required

Bachelor's or Master's degree in Computer Science, Information Security, or equivalent practical experience
2+ years of experience in Web Application Security, WAF rule development, incident detection, or threat research
Deep understanding of web protocols (HTTP/HTTPS), common web vulnerabilities, and exploitation techniques (OWASP Top 10)
Proven experience writing and optimizing WAF rules or custom detection logic
Hands-on experience with vulnerability analysis, exploit reproduction, or reverse engineering
Strong analytical mindset and comfort working with large data sets (SQL, ClickHouse, BigQuery, etc.)
Proficiency in at least one programming language such as Python, Go, or Rust for building automation tools or analysis scripts
Familiarity with Grafana or equivalent visualization tools to track rule performance and attack trends
Strong written and verbal communication skills - able to document, present, and collaborate effectively
Experience working in fast-paced environments with production-scale systems

Preferred

Experience with columnar databases like ClickHouse and advanced SQL query optimization
Familiarity with machine learning for security analytics (feature extraction, anomaly detection, model evaluation)
Solid understanding of Linux/UNIX systems, TCP/IP networking, and proxy architectures
Prior publications or conference presentations (e.g., Black Hat, DEF CON, BSides)
Contributions to open-source WAF projects or web security tools
Knowledge of WAF products and of novel techniques for bypassing them
Experience with bug bounty programs or CTFs is a plus

Company

Cloudflare

Cloudflare is a web performance and security company that provides online services to protect and accelerate websites online.

H1B Sponsorship

Cloudflare has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2025 (117)
2024 (115)
2023 (66)
2022 (98)
2021 (83)
2020 (37)

Funding

Current Stage
Public Company
Total Funding
$2.08B
Key Investors
Franklin Templeton, Fidelity, Union Square Ventures
2025-06-13 · Post-IPO Debt · $1.75B
2019-09-12 · IPO
2019-03-12 · Series E · $150M

Leadership Team

Matthew Prince
CEO & Co-Founder
Lee Holloway
Co-Founder & Lead Engineer
Company data provided by Crunchbase