Detection Automation Engineer, Bot & Fraud Detection

Fraud detection is adversarial systems engineering.

It’s a cat-and-mouse game.

A common response is predictable: add more rules, hire more analysts, tune thresholds, stack another model on top of the 50 already running in production.

It works for a while. Then the system becomes fragile, opaque, and harder to reason about. Rules overlap. Models fight each other. False positives creep up. Eventually nobody can clearly explain why a request was blocked.

We’re not interested in building that.

Castle is a small, profitable team building a real-time trust layer for modern platforms.

Instead of scaling headcount or patching edge cases, we try to understand how attackers actually operate and design systems that make entire classes of abuse harder, not just the latest variant.

We prefer detection systems that are simple enough to reason about, observable in production, hard to game, and able to evolve without collapsing under their own weight.

We care about systems that survive browser releases, new automation frameworks, fingerprint manipulation techniques, and traffic growth — without blocking legitimate users or turning into rule spaghetti.

This approach is slower at the beginning, but it compounds over time.

We’re looking for someone who has worked on real-world bot or fraud detection engines at scale.

• You’ve blocked traffic at volume. You’ve dealt with false positives that hurt real users. Maybe you’ve even seen a detection model accidentally block one of the biggest websites or apps in the world — and decided you never want that under your watch again.

• You’ve seen detection systems become unmaintainable. You understand latency constraints and business tradeoffs. You know when ML genuinely improves outcomes — and when a deterministic or statistical approach is cleaner and more robust.

• You think adversarially. You care about clarity. You design systems that survive contact with reality.

If that resonates, we should talk.

(And yes, since this is a job post: we pay US-level salaries globally, we’re remote-friendly in Europe, and we care more about outcomes than hours.)