Security Researcher

Fastly helps the world’s most popular digital businesses keep pace with their customer expectations by delivering fast, secure, and scalable online experiences. Businesses trust the Fastly edge cloud platform to accelerate the pace of technical innovation, mitigate evolving threats, and scale on demand.

As a Security Researcher at Fastly you will help ensure our security efforts are rooted in a deep understanding of the state of the art in web application vulnerabilities, denial of service attacks and bot mitigation techniques and methods. We are looking for security researchers at all levels of seniority who enjoy investigating web application security threats to contribute intelligence to our security products and services. Qualified candidates will show an aptitude for discovering complex security issues that affect modern web sites. We encourage our security researchers to present at network and security conferences and participate in the security community. This is a role with a high impact, friendly security team. In addition to contributing to industry leading security products and services, you’ll make sure our customers benefit from a service built to the highest security standards in the industry. We’re in beautiful downtown San Francisco, but for the right candidate, we’re open to considering a remote position, and we have the team and tools in place to make it work.

* Stay on top of new developments in application and network security * Research security vulnerabilities in web applications and web application frameworks * Contribute to designing and developing mitigations against known and new vulnerability classes * Assess and perform deep dives into actual incidents and identify new exploitation techniques

* Be passionate about security and protecting our customers * Understanding of DDoS mitigation techniques * Proven ability to investigate and clearly communicate security vulnerabilities * Knowledge of vulnerability disclosure best practices * Knowledge of vulnerability research, like fuzzing, static analysis and exploitation techniques * Knowledge of web application security vulnerabilities such as XSS, CSRF, SQL injection, ways to mitigate them and bypass those mitigations * Strong multi-tasking abilities with attention to detail and the ability to dive deeply into issues * Excellent written communication skills * Excellent ability to build relationships with customers, security engineers and researchers * Development experience using Python, Go, Ruby or C/C++ is a plus