Security Researcher - ModSecurity

  • Category: Research & Development
  • Team: Security Research
  • Location: Waterloo, Ontario


Position at Trustwave

Trustwave is a leading cybersecurity and managed security services provider that helps businesses fight cybercrime, protect data and reduce security risk. Offering a comprehensive portfolio of managed security services, security testing, consulting, technology solutions and cybersecurity education, Trustwave helps businesses embrace digital transformation securely. Trustwave is a Singtel company and the global security arm of Singtel, Optus and NCS, with customers in 96 countries. For more information about Trustwave, visit

Trustwave SpiderLabs is the advanced security team responsible for security research, application security, incident response and penetration testing for Trustwave's clients. In addition, Trustwave SpiderLabs performs 3rd party security reviews and intelligence for Trustwave's products and provides security thought leadership to the entire organization. Members of Trustwave SpiderLabs are frequently asked to speak at security conferences around the world.

Trustwave SpiderLabs has research facilities in Chicago, New York, Sao Paulo, California, Waterloo, Israel and Auckland.

We are looking for a Security Researcher to join our SpiderLabs ModSecurity Research Team which supports open source ModSecurity ( web application firewall and Trustwave WAF. This position will split time between supporting ModSecurity commercial customers and researching web application threats and countermeasures. 

Responsibilities will include tracking new trends in the web application security field, conducting vulnerability research on web applications attacks (such as SQL Injection and Cross-site Scripting), analyzing new threats and developing defensive protections including WAF rule writing.  The successful candidate will also be called upon to work with commercial WAF customers during professional services engagements.  This is a rare opportunity to work in a fulfilling role as part of a small team that is breaking new ground in the application security space. Trustwave is an exciting company with excellent customer ratings and outstanding growth rates


  • Experience with ModSecurity WAF and its rule language
  • Experience in web server vulnerability research (prior experience with client-side vulnerability research – an advantage)
  • Experience with regular expressions and writing exploit, vulnerability and attack detection signature
  • Experience working and communicating with customers
  • Bilingual English, verbal and written

Additional Plus Competencies:

  • Contribute to the design of the ModSecurity open source WAF
  • Programming skills: Any server-side web technology, C++, LUA, Python, Ruby
  • Experience with DevOps/System Administration


We prefer college-educated applicants, but at minimum, high school diploma or equivalent is required for employment.

Share this opportunity

Trustwave is an Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities.

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit

To All Agencies: Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes, by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave and in the event a candidate is submitted outside of this policy is hired, no fee or payment of any kind will be paid.