The Bot Detection Engineer is responsible for analyzing, implementing, and operating solutions that detect, analyze, and mitigate automated bot traffic across digital platforms, including web, mobile, and APIs. This role focuses on protecting ecommerce and customer facing applications from credential stuffing, scraping, account takeover, fraud, and abuse, while minimizing friction for legitimate users. The engineer partners closely with application teams, fraud, SRE, and security operations to continuously tune detection logic, respond to evolving attacker techniques, and improve overall digital resilience.
Duties & Responsibilities
Considered a high -level specialist who regularly interacts and works with senior management.
Uses advanced techniques, theories, and processes to complete work. Next step is typically management.
Typically reports to a department head or manager.
Performs work independently.
Competencies: Technical expertise. Problem -solving skills. Interpersonal skills. Leadership skills.
Ecommerce Fraud Attack Types, familiarity with:
· Credential stuffing / ATO (high -velocity login attempts, distributed IPs, low -and -slow)
· Carding (payment endpoint probing with small authorizations)
· Scraping (catalog/search/product detail harvesting, pricing intelligence)
· Scalping / inventory denial (add -to -cart / checkout automation)
· Promo/gift card abuse
Telemetry + logging mastery: They should be comfortable using and correlating:
· WAF/CDN logs (Akamai, Cloudflare, Fastly, etc.)
· Application logs (auth events, checkout errors, user agent hints)
· API gateway logs
· SIEM (Splunk/Kusto/Sentinel) for investigations and dashboards
Skills to target:
· Feature engineering (rate, burst, entropy, distribution anomalies)
Baselines (normal traffic vs anomaly)
Detection tuning (reduce false positives without losing coverage)
Building golden signals: login failure rate, unique IPs per account, new device rate, checkout abandonment spikes, 4xx/5xx patterns
Web, HTTP, and Browser Automation Understanding (Must -Have)
Protocols + client behavior
· Deep understanding of HTTP (headers, cookies, caching, redirects, TLS)
Browser/runtime differences: headless Chrome, Playwright/Puppeteer, Selenium
Bot fingerprint concepts:
o JS execution signals
navigator / canvas / WebGL anomalies
cookie integrity, token binding ideas
TLS / JA3 -style fingerprinting (conceptually)
Edge/WAF/CDN Rule Engineering (Must -Have)
· Writing and tuning WAF rules / bot policies
Rate limiting strategies (global, per IP, per session, per account, per ASN)
Challenge flows (JS challenge, CAPTCHA, proof -of -work style concepts)
Allowlist/denylist governance (and how allowlists get abused)
Release discipline:
· Staged deployment: monitor â alert â soft block â hard block
A/B testing of mitigation to protect conversion