Anti-Bot & Fraud Researcher
Accounting & Finance
Europe · Africa · Middle East
We're looking for someone who's genuinely fascinated by how fraudsters operate online and enjoys sharing what they learn.
The kind of person who reverse engineers anti-detect browsers just to understand how they work. Who opens DevTools on a random website because they're curious which anti-bot vendor is protecting it. Who can't resist taking apart a new browser automation framework to see what changed.
If that sounds familiar, keep reading.
At Castle, we help companies like Lovable, Canva, and Rockstar Games stop bots, fake accounts, credential stuffing, and account abuse.
Research is one of the reasons our product keeps improving.
We believe the best way to build great detection systems is to constantly study the people trying to bypass them. That means spending time where attackers spend time: following Telegram channels, Discord communities, GitHub repositories, and underground forums. Reverse engineering their tools. Understanding how their techniques evolve. Running experiments to separate hype from reality.
Everything we learn feeds back into Castle. Sometimes it becomes a new detection technique. Sometimes it changes how we think about a problem. Sometimes it's something we can publish to help the wider security community understand how attackers operate.
You'll join a team that's already doing this every day. We spend our time reverse engineering browser automation frameworks, analyzing browser fingerprinting techniques, breaking apart obfuscated JavaScript, investigating fraud infrastructure, evaluating ML-based detection approaches, and generally trying to understand where attackers are going next.
To be completely transparent, this is also how we market Castle.
We don't believe trust is built through generic security webinars, SEO articles, or commenting on whatever topic is trending on LinkedIn this week.
We believe the best marketing is producing original technical research that's useful enough people would read it even if Castle's name wasn't on it.
We'd rather publish one piece of research that becomes a reference across the industry than fifty pages of AI-generated slop.
What you'll spend your time doing
• Reverse engineer tools used by attackers, from anti-detect browsers to browser automation frameworks and fraud kits.
• Monitor Telegram channels, Discord communities, GitHub repositories, and other places where new techniques emerge.
• Design and run experiments to understand how modern fraud actually works.
• Write technical blog posts, research reports, and deep dives based on your findings.
• Build open-source tools, datasets, and demos that make your research useful to others.
• Present your work at technical conferences.
• Work closely with engineering to turn research into better detections, product improvements, and internal tools.
We care far more about impact than output. We'd rather publish one piece of research that practitioners bookmark and reference than release something every week just to keep a content calendar alive.
What we're looking for
This isn't an entry-level research role.
You should already have experience in bot detection, browser fingerprinting, browser automation, fraud detection, or a closely related area. You should enjoy understanding how attackers build, evolve, and bypass systems.
Just as importantly, you should already have a track record of sharing your expertise.
Maybe you've written technical blog posts. Maybe you've spoken at conferences. Maybe you've published research, contributed to open source, or built tools that other practitioners use.
We don't care much about the format. We do care that you've become good at something and have consistently shared that knowledge with others.
Experience in some of these areas is a strong plus:
• Browser fingerprinting
• Browser automation (Playwright, Puppeteer, Selenium)
• Anti-detect browsers
• Reverse engineering
• Threat intelligence
• Fraud detection
• JavaScript internals and modern browsers
• Web security
A few things worth knowing
• You'll work directly with our research and engineering teams with very little bureaucracy.
• We optimize for depth, curiosity, and technical excellence, not publishing cadence.
• We pay globally competitive salaries.
• Flexible working hours, unlimited PTO, paid parental leave, and we'll make sure you have the equipment you need to do your best work.
If you've made it this far and think you'd enjoy this role, send us a short email with your LinkedIn, GitHub, blog, research, or anything else you're proud of. We'd much rather see something you've built, written, or discovered than read a polished cover letter.