Threat Research Engineer (Client Side)

⭐ About the team:

Made up of six subteams (Dashboard, Engine, Infrastructure, Integrations, Threat Research & Security), the DataDome tech team is spread across Europe and the US. We handle over 2 000 billion events per day giving responses within 3ms (99p). We are present in more than 29 data centers around the world, deployed using Docker.

We deploy on AWS, Scaleway and GCP, using Docker, Ansible and Terraform, and monitor with Grafana and Prometheus. We handle an average of  8 billion requests per day and manage more than 300 TB of data per month.

When it comes to our stack, we run real-time detection layer in Java, low latency Stream Engine running on Flink in Scala, ElasticSearch for storage, Kafka for communication between layers, HAProxy for load balancing, Symfony & Angular for our dashboards. While previous experience in cyber is not a must, we'll pair you with mentors who will help you bridge the gaps. As #growth is part of our DNA, we’ll give you the resources and support you need to develop mastery.

 

You will integrate the Threats Research team which is responsible for constantly improving the detection capabilities through client-side technologies.

Your goal will be to challenge and improve our detection capabilities.

👉 Responsabilities:

• Internal bot detection red team:
  • Challenge our bot detection mechanisms to ensure we properly detect bots. Create tools to automate this process.
  • Help detect bypasses proactively by analyzing different modules as well as potential misconfigurations on our customer websites
• Improve client-side bot detection:
  • Add new signals to our client-side scripts to collect browser fingerprints capable of detecting advanced bots
  • Improve security and resilience of our JavaScript code by implementing obfuscation techniques to prevent reverse engineering
  • Collaborate with mobile team to collect new signals in our SDK to improve mobile bot detection
• Research
  • Collaborate with other member of the threat research teams as well as member of other teams to implement new approaches to improve bot detection
• Communication:
  • Share your results externally using appropriate communication medium, such as meetups, conference talks, academic papers, blog posts

👤 It would be great if you have:

• At least 5 years of experience programming in JavaScript
• Strong computer science background
• Experience dealing with bots or malware
• Strong knowledge of web and network infrastructures
• Strong knowledge of web client side technologies
• A "hacker" spirit
• Good communication skills (oral and written)

Nice to have

• Previous experience in a Cyber Security company
• WebAssembly experience
• Compilers experience

What’s in it for you?

• Flex Life: While we offer remote, hybrid, & in-office options each position specifies the level of flexibility. Our Parisian office is located next to the Opera Garnier. You will also receive a 500€ stipend to help you set up your ideal workspace if you work hybrid or remotely.
  • If you are full remote, the SNCF dicount card is paid for you to come to our office to visit us & your team!
• Generous Health Benefits: We have partnered with Kenko for your healthcare needs.
• A 100€ annual allowance is provided for a leisure activity of your choice in Sports or Culture.
• Annual allowance of €200 if you come to the office by bike to cover maintenance costs.
• Professional Development: #Weaimhigh is part of our DNA, therefore we have invested in an internal Learning and Development platform and offer the opportunity to request additional training and support via your manager.
• Events & Team building: #We care and we have fun! We organise Annual Company-Offsite, Events, Drinks, Winter Party, Lunch & Learns and much more are part of our Culture
• PTO: Based on the country you are based from (e.g. 25 days in France).

What are the next steps?

• You x Talent Acquisition Manager : first interview and cultural fit
• You x Engineering Manager : technical and cultural fit + Take-home technical challenge
• You x Team: Presentation and review of your "technical proposal" with the team
• You x Member of the leadership team - Discussion about DataDome vision and "raison d'être"!
• Now you really met everyone! Welcome to DataDome :)

DataDome stops cyberfraud and bots in real time, outpacing AI-driven fraud from simple to sophisticated across your sites, apps, and APIs. Named a Leader in the Forrester Wave for Bot Management, the DataDome platform is built on a multi-layered AI engine that focuses on intent, not just identity. Because it’s not about knowing who’s real, it’s about what they intend to do. With thousands of AI models that adapt to every fraudulent click, signup, and login, DataDome blocks fraud in less than 2 milliseconds, without compromising performance. DataDome is fully automated and integrates seamlessly into any tech stack. Backed by a 24/7 SOC team of advanced threat researchers, DataDome stops over 350 billion attacks annually. Experience protection that outperforms with DataDome.

DataDome is an equal opportunity employer, and proud to be committed to diversity and inclusion. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.