Since 2016, Wallarm has been on a mission to secure the internet's critical infrastructure: APIs. Today, we are the trusted choice for over 200 of the world's most innovative companies, from high-growth startups to Fortune 500 and Nasdaq leaders. Our unified platform provides full-lifecycle API security — helping teams discover their attack surface, protect against modern threats, and respond to incidents in real-time. As a graduate of Y Combinator and fueled by a recent $55M Series C, we are scaling our global, remote-first team of 150+ innovators to solve the next generation of security challenges.
We're building ML-powered detection systems that protect APIs from automated abuse credential stuffing, scraping, enumeration, and attack patterns that evolve daily. This is a greenfield effort: we have the data and the ideas, but the ML infrastructure, pipelines, and models need to be built from scratch.
You'll be the first dedicated ML engineer on the team, working closely with engineers, security researchers and DevOps. This is a senior IC role with a clear path to technical leadership - we plan to grow the ML function around this hire.
Build the ML stack from the ground up - Design and implement the data pipelines, feature extraction, model training, and serving infrastructure needed for production-grade anomaly detection.
Detecting anomalies in API traffic - Your first major outcome: build a system that identifies malicious behavioral patterns across client sessions with high precision and recall, trained per-client.
Own the full lifecycle - From raw data exploration and feature engineering through model development, evaluation, deployment, and continuous monitoring. No handoffs to a separate "productionization" team.
Design experiments and metrics - Build offline evaluations, define detection-quality metrics, and monitor for false positives, drift, and adversarial adaptation.
Work with text and structured behavioral data - Extract signals from API sessions, request sequences, payloads, and traffic metadata using NLP and statistical techniques.
Leverage LLMs where they add value - Explore embedding-based models and LLM-augmented approaches for signal enrichment, classification, and explainability.
Shape the technical direction - Document findings, present to cross-functional teams, and help define the ML roadmap as the team grows.
What We're Looking For
Required
5+ years in Applied ML or ML Engineering with production deployment experience (not research-only backgrounds).
Strong NLP / text data experience - hands-on work with text classification, pattern extraction, tokenization, embeddings, or similar. This is the core of the work.
Proficiency in Python and production-grade systems (APIs, data pipelines, model serving).
Solid data engineering skills - experience building ETL/data pipelines, working with batch and streaming data, and understanding the full ML data lifecycle (DAGs, data versioning, feature stores).
Deep hands-on experience across ML fundamentals: classification, anomaly detection, clustering, statistical methods - and the judgment to choose the right approach for a given problem.
Comfort with imperfect data - noisy labels, class imbalance, evolving distributions - and practical strategies for labeling, evaluation, and shipping reliable models.
End-to-end ownership mindset - ability to take a problem from raw data to production deployment, working with DevOps to stand up the necessary infrastructure.
Strong experimentation skills: prototype fast, design rigorous evaluations, measure outcomes, reason about trade-offs (cost, quality, latency).
Strongly Preferred
Experience in domains where adversaries actively adapt to detection (fraud, bot mitigation, abuse prevention, spam). The ML mindset of handling concept drift and adversarial evasion matters more than specific domain knowledge.
Familiarity with ML lifecycle tooling: experiment tracking (MLflow, W&B), model versioning (DVC), weak-supervision tools (Snorkel, cleanlab), drift monitoring.
Experience with big data / streaming stacks (Spark, Kafka, BigQuery) or cloud ML platforms (AWS SageMaker, GCP Vertex).
Background in security research or threat intelligence (not required - domain context can be learned).
Who Thrives Here
You're a full-stack ML engineer - equally comfortable building a data pipeline and tuning a model, designing an experiment and deploying it to production.
You've built from scratch before - you know what it takes to go from "we have data and ideas" to "we have a working detection system."
You're energized by ambiguity and ownership - this isn't a well-scoped ticket queue, it's an open problem space where you define the path.
You're ready to grow into leadership - mentoring engineers, shaping technical strategy, and owning the ML roadmap as the team scales around you.
You leverage modern tools (AI-assisted development, LLM-augmented workflows) to move faster without cutting corners.
APIs – the driving force behind AI-based innovation, modern applications, and cloud infrastructure – are the #1 attack vector for cybercriminals.
Existing tools don’t have API security controls, and many API security solutions are simply observability tools that can’t prevent attacks without complex and unreliable deployments and significant human investment.
Wallarm is the API security platform that is the fastest, easiest, and most effective way to stop API attacks. Customers choose Wallarm to protect their applications and AI agents because the platform delivers a complete inventory of APIs, patented AI/ML-based abuse detection, real-time blocking, and an API SOC-as-a-service. Unlike other API security solutions that create alerts for all suspicious behavior, Wallarm’s technology and teams are aligned to fix your API security problems – not just find them. Wallarm is easily deployed inline to block attacks and our expert API SOC team gives you peace of mind 24/7/365.
Wallarm is headquartered in San Francisco, California, and is backed by Toba Capital, Y Сombinator, Partech, and other investors.
