Best Egg

Senior Lead Security Engineer – Bot Management

Job Description

The Senior Lead Security Engineer – Bot Management is a key member of the Information Security organization responsible for developing, deploying, and maturing Best Egg’s enterprise bot-mitigation and service-abuse prevention strategy. This role leads the engineering and cross-functional coordination required to protect customer-facing channels and backend services from automated abuse, fraudulent activity, and system-degrading traffic, while contributing to long-term resiliency and service stability.
 
This position is well-suited for experienced security, fraud, or application engineers who have worked with high-scale web systems and are seeking to specialize in bot mitigation and automated-abuse prevention. While direct bot-management experience is valuable, it is not required; success in this role is driven by strong engineering fundamentals, analytical ability, and the capacity to lead complex, cross-functional efforts.


Additionally, the Senior Lead Security Engineer will:
  • Design, deploy, and optimize bot-mitigation and service-abuse controls, including WAF configurations, rate limiting, behavioral/velocity checks, challenge/attestation frameworks (e.g., Cloudflare Turnstile), device-telemetry validation, and API/form hardening.
  • Develop and maintain automated detection capabilities leveraging IP/ASN intelligence, identity patterns, traffic analytics, and anomalous behavior models.
  • Lead bot-related incident response activities, including triage, containment, root-cause analysis, and long-term remediation planning to support platform stability and operational continuity.
  • Partner closely with Engineering, DevSecOps, Fraud Strategy, Fraud Operations, Data, and Product teams to integrate preventive and detective controls across the customer funnel.
  • Drive the long-term bot-mitigation roadmap and capability vision in partnership with Engineering, Product, Fraud, Data, and DevOps, ensuring alignment with enterprise risk-reduction, platform resiliency, and operational efficiency goals.
  • Establish monitoring, reporting, and multi-signal decisioning (signal-fusion) mechanisms to provide visibility into bot activity, control effectiveness, system performance impacts, and operational risk indicators.
  • Evaluate new tools, technologies, and techniques related to bot detection, behavioral analytics, device attestation, signal fusion, and automated-abuse prevention; develop recommendations based on threat trends, performance considerations, and business requirements.
  • Produce architectural documentation, detection logic specifications, technical standards, and operational runbooks that support scalable and repeatable defense capabilities.
  • Guide engineering teams in embedding resilient security patterns into web and API designs and influencing product flows to reduce automated-abuse exposure.
  • Mentor team members and contribute to the broader security engineering and service-abuse management knowledge base.

Development:
  • Bachelor’s Degree in Information Security, Computer Science, Engineering, or equivalent work experience.
  • 5+ years of experience in Security Engineering, Application Security, Detection Engineering, or Fraud/Abuse/Risk Engineering.
  • Strong understanding of web architecture, microservices, RESTful APIs, and common automation-abuse vectors.
  • Experience with WAF/CDN platforms, API security, or cloud-native security constructs (AWS preferred).
  • Ability to analyze high-volume web data to identify automated, anomalous, or abusive patterns.
  • Familiarity with automation or scripting languages (e.g., Python) for detection logic, data analysis, or security-control deployment.
  • Experience with CI/CD processes, infrastructure-as-code, and security automation tools is a plus.
  • Demonstrated ability to produce high-quality technical documentation, architectural diagrams, and detection logic specifications.

Leadership:
  • Proven ability to lead complex cross-functional initiatives involving Engineering, DevOps, Product, Data, and Fraud teams.
  • Comfortable interpreting, validating, and challenging business and technical requirements related to service-abuse prevention and automated-traffic protection.
  • Ability to clearly communicate technical concepts, risk implications, emerging trends, and recommended actions to stakeholders at all levels.
  • Demonstrated experience influencing engineering architecture, operational processes, and product decisions to strengthen security controls and system resiliency.
  • Strong organizational skills, capable of driving multi-team execution while maintaining clarity of priorities and timelines.
  • Ability to coach and mentor team members and contribute to the maturity of the broader security engineering function.

Culture:
  • Advocates for Agile methodologies, iterative improvement, and cross-functional collaboration.
  • Operates effectively in a fast-paced environment emphasizing shared ownership, service reliability, and partnership across disciplines.
  • Committed to continuous learning and staying current with emerging threats, automation techniques, bot-evasion tactics, and advancements in bot-mitigation technologies.
  • Able to challenge assumptions constructively and support consensus-driven decision-making.
  • Values knowledge sharing and contributes to organizational capability-building.
  • Works effectively both independently and as part of a team.
  • Excellent written and verbal communication skills.