API Protection & Bot Defense Consultant (Field Engineering) - NAM
Appdome
- Product Management
- North America
Description
Appdome is a fast-growing SaaS company specializing in innovative security, defense, anti-fraud and anti-bot solutions for mobile applications. We provide enterprise customers with cutting-edge AI-driven technology with a no-code solution and platform for building, releasing, monitoring, and managing Appdome-protected mobile applications. This role is hybrid for candidates in the San Francisco Bay Area and must be commutable to our campus based in Redwood City, CA.
As a global leader in application security, we protect the APIs and digital experiences that power modern organizations. Our mission is simple: help customers prevent account takeover, automation abuse, scraping, fraud, and API exploitation—without breaking performance or user experience.
We work with teams across industries who rely on our platform to keep their businesses running and their customers safe.
We value builders who take ownership end-to-end: from threat modeling and integration design, to shipping reference code, to proving outcomes in the field. If you’re excited by hands-on security engineering and enjoy working directly with customers, this role is for you.
About the role
We are seeking an API Protection & Bot Defense Consultant (Field Engineering) – NAM to join our customer-facing engineering organization.
This role owns the technical success of our API protection and bot defense deployments across North America. You’ll function as a cross-functional subject matter expert—partnering with Sales, Product, and Customer Success—while staying deeply hands-on. You will maintain multi-vendor integration/test environments, own reference integrations and code artifacts, lead technical evaluations, and guide customers from POC to production.
What you’ll do
- Lead technical planning, implementation, documentation, and testing of API protection and bot defense solutions across customer environments.
- Own and maintain integration environments across major cloud, CDN/WAF, and edge platforms (e.g., AWS, Azure, GCP; Cloudflare/Fastly/Akamai; F5/NGINX/Imperva, etc.).
- Build and maintain reference integrations (edge scripts/policies, gateways, middleware, SDK integration patterns, sample apps) and keep them production-grade.
- Run architecture reviews with customers and prospects; assess current posture and propose target-state designs aligned to best practices.
- Create and refine threat models for automation abuse and API attack surfaces (credential stuffing, scraping, ATO, token replay, bypass paths, device/session impersonation).
- Define security requirements by evaluating business needs, data flows, and constraints; translate requirements into implementation plans and success criteria.
- Execute POCs and production onboarding: test plans, attack simulation, telemetry validation, tuning, and go-live readiness.
- Produce crisp technical artifacts: runbooks, diagrams, configuration guides, rollout strategies, and troubleshooting playbooks.
- Provide ongoing technical account coverage: escalations, root-cause analysis, proactive hardening recommendations, and roadmap feedback from the field.
- Stay current on emerging threats, standards, and patterns in API security and bot/fraud prevention, and share learnings internally.
What you’ll need
Successful candidates will have extensive experience in the following areas:
- API security and modern abuse patterns (OWASP API Top 10 familiarity; auth/session weaknesses; rate limiting; anomaly detection; bot mitigation strategies).
- Bot defense / fraud / automation concepts: ATO, credential stuffing, scraping, session integrity, device signals, behavioral/telemetry-driven enforcement.
- Security architecture design for distributed systems spanning edge, gateway, and backend services.
- Cloud and network security in environments such as AWS / Azure / GCP; strong fundamentals in TLS, HTTP, proxies, headers/cookies, certificates, DNS.
- WAF/CDN/edge integration patterns (policies, rules, worker scripts, reverse proxy deployments).
- Orchestration and automation: CI/CD, test harnesses, traffic replay/simulation, environment-as-code.
- Scripting and tooling (Python/Node/Go—at least one strong), Git workflows, debugging in live environments.
- Ability to communicate clearly with both engineers and executives and to operate effectively in a customer-facing role.
Requirements
- Experience with edge compute (Cloudflare Workers, Fastly Compute, Akamai EdgeWorkers) and/or NGINX/F5 advanced configurations.
- Familiarity with mobile networking/security (iOS/Android stacks, certificate pinning, device identity/attestation signals) and how mobile signals inform backend enforcement.
- Security certifications (GIAC, CompTIA, ISACA, (ISC)²) or equivalent demonstrated expertise.
- Bachelor’s degree in Cyber Security, Computer Science, or a related field (or equivalent experience).
At Appdome, your base pay is one part of your total compensation package. Your base pay will depend on several factors, including your experience, qualifications, education, location, and skills. If you are considered for a different level, a higher or lower pay range would apply. This position is also eligible for an annual performance bonus, equity, and a competitive benefits package.
Our compensation ranges apply to all US-based job postings regardless of state.
All full-time regular employees are eligible for equity, health, dental & vision insurance plans, 401k savings plan, parental leave, wellness benefits, time off, paid holidays. Benefits are subject to change.
At Appdome, we celebrate differences and are committed to a diverse workplace that fosters inclusion and psychological safety for all employees. Appdome is proud to be an equal opportunity employer and expressly prohibits any form of workplace discrimination based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, veteran status, or any other legally protected characteristics.
All your information will be kept confidential according to EEO guidelines.
The role is not eligible for Immigration Sponsorship. Please note that we will not sponsor applicants for work visas for this position.