Security Researcher & Analyst - Application Security

Confirmed live in the last 24 hours

Cloudflare

Hybrid

Posted March 4, 2026

Job Description

About Us

At Cloudflare, we are on a mission to help build a better Internet. Today the company runs one of the world’s largest networks that powers millions of websites and other Internet properties for customers ranging from individual bloggers to SMBs to Fortune 500 companies. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare all have web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine’s Top Company Cultures list and ranked among the World’s Most Innovative Companies by Fast Company.

At Cloudflare, we’re not looking for people who wait for a polished roadmap; we’re looking for the builders who see the cracks in the Internet that everyone else has simply learned to live with. We value candidates who have the instinct to spot a "normalized" problem and the AI-native curiosity to create a solution using the latest tools. Our culture is built on iteration, leveraging AI to ship faster today to make it better tomorrow, while ensuring that every improvement, no matter how small, is shared across the team to lift everyone up. If you’re the type of person who values curiosity over bureaucracy, and that AI is a partner in solving tough problems to keep the Internet moving forward, you’ll fit right in.

Available Locations: Bengaluru, India

About The Department

Cloudflare’s Application Security department builds and runs the software that detects and mitigates malicious, abusive, and fraudulent HTTP requests going through Cloudflare network before they reach our customer sites. We achieve this by harnessing the vast amount of internet traffic data available to us to create and manage products including WAF, Bot Management, Fraud Detection and more. We use state of art Artificial Intelligence and Machine Learning techniques in security attack detection and mitigation. The team is a multidisciplinary team where system and software engineers, security researchers and analysts, and data scientists work together to identify active adversaries or attackers, and design and implement machine learning models and engineering solutions to protect customers from these security attacks.

What You’ll Do

Hands-on experience working with threat detection and prevention product engineering teams, recognizing vulnerabilities and configuring mitigations or managing risks in existing and new products.
Apply a deep understanding of security vulnerabilities in web application and application security.
Reverse and research n-day exploits, proactively detect patterns of bot and fraud attacks, review false positive and false negative reports, and recommend security configurations.
Excellent at communicating the details about security forensics to technical and non-technical audiences. Including writing public facing research blogs.
Authoring periodic report on trends on Internet traffic and security attack insights
Experience with modern cloud-based technologies used to deliver rapidly-changing products at scale.
Conduct penetration testing to identify security gaps and potential exploits across applications and services.
Develop, maintain, and enhance security dashboards to monitor and analyze attack trends, bot activity, and fraud detection metrics.
Leverage strong coding skills to build and automate security tools, improve system engineering workflows, and develop new security rules and heuristics.

Examples of desirable skills, knowledge and experience.

A degree in computer science, IT, systems engineering, or related qualification.
4 years of work experience with incident detection, incident response, forensics, reverse engineering, security research or similar.
Ability to work under pressure in a fast-paced environment.
Strong attention to detail with an analytical mind and outstanding problem-solving skills. Excellent organizational skills.
Great awareness of cybersecurity trends and hacking techniques.
Demonstrated results