Security Researcher

Join to apply for the Security Researcher role at cside

We’re looking for a Security Researcher to keep an eye on emerging threats. Dig into their methods, scope improvements in our detection systems and collaborate with the engineering team internally.

cside is laser‑focussed on solving web security in the AI age, starting with client‑side injections and covering previously unmonitored attack surfaces in a developer and user friendly way. Since January 2024, cside has raised $7.7 million in pre‑seed & seed funding from Uncork Ventures, Mantis Ventures, Scribble Ventures, Roar VC, Dan Scheinman, Jason Warner, Kathy Korevec and many more. The team is a diverse mix of highly capable subject matter experts – we’re kind, but we mean business.

We’re recognized by global media outlets like Tech Crunch, Wired, Fortune, Forbes and many more.

You’re the face of the security detections team. Discovering new attacks and sharing it with the world.

• Keep an eye on attacks around the world.
• Leverage our traffic data to spot new attack methods.
• Scope a detection method if a new one is necessary, use existing attributes where possible to detect the attack and ship it.
• Lead the detection strategy, detection & response.
• Review detections that come in. We have a lot of broader signals we do not expose publicly; some may catch something we’ll want to narrow down on.
• Lead our Security Research and content effort. When we find a malicious script that impacts over 1,000 websites we ALWAYS blog about it immediately.
• Build new detection methods and rules for new attacks. A deep understanding of JavaScript helps, as client‑side attacks often revolve around JS.
• Proactively define detections for client‑side behaviours that can be malicious and review this against our script data.
• Use and build internal tools to detect never‑seen before attacks.

• You love a cat and mouse game!
• The fact that you are in a key position to stop bad actors from impacting unknow[ing] individuals motivates you.
• You have a deep understanding of JavaScript, browsers and ideally also some background in Rust and Yara rules.
• Finding the gap between the specification of client‑side JS and how JS engines are built is a hobby project for you.
• You’ve participated in capture‑the‑flag events or regularly spend time doing white‑hat hacking or bug bounties.
• You’re self‑managing and want to disrupt the client‑side (and web) security market.
• You have at least 3–5 years prior work experience.

• We’re constantly learning and developing better, we grow together.
• We do not ship half projects, we do not sell snake oil, we don’t cut corners – out of respect for our team, our customers and our community. We put a dent in the universe by building good products.
• We believe in strong opinions loosely held. We’re passionate and we strive to build the best thing together. The impact of our work is all that matters.

• 2–3 offsites per year (this changes from time to time)
• Generous work‑from‑home allowance
• Latest Mac Book
• Stock options
• Market rate salary
• Take what you need PTO
• Fully remote
• Our team is invested in your long‑term career development. If you want to talk at events, we’ll make that happen; if you want to learn how to build your own startup one day, we’ll offer you a front‑line seat. Cside is built by folks like you.

We do not select or discriminate based on formal educational background, age, skin tone, religion, national origin, sexual orientation, gender identity, disability status, marital status, veteran status… we’re welcoming all and celebrate equal opportunities.