Companies that use Imperva

Source: Analysis of job postings that mention Imperva (using the Bloomberry Jobs API)

I noticed that Imperva purchasing decisions are led by senior security leadership, with 18 of 70 job postings being leadership roles like Directors and VPs of Information Security, Cybersecurity Engineering, and IT Security. These leaders prioritize building resilient security operations, protecting critical infrastructure, and maintaining compliance with standards like PCI-DSS, SOX, and GDPR. They're hiring to expand WAF capabilities, database security, and detection and response capabilities across hybrid cloud environments.

The majority of day-to-day Imperva users are individual contributors in security engineering and operations roles. Security engineers deploy and configure Imperva solutions including Cloud WAF, Database Activity Monitoring (DAM), and bot protection. They tune policies, create custom rules, onboard applications, troubleshoot incidents, and integrate Imperva with SIEM platforms like Splunk. SOC analysts monitor Imperva alerts for threats like SQL injection, credential stuffing, and API abuse, then coordinate remediation with application teams.

The pain points that emerge consistently involve protecting web applications and databases at enterprise scale. Organizations seek professionals who can "minimize the business impact of a major incident," "protect mission-critical applications," and ensure "optimal uptime" while defending against evolving threats. One posting emphasizes the need to "finetune WAF rules and troubleshoot WAF-related issues" to reduce false positives. Another highlights protecting "sensitive data and maintain compliance with relevant regulations." These companies are clearly focused on balancing security effectiveness with operational efficiency across complex, global infrastructures.

Source: Analysis of Linkedin bios of 3,302 companies that use Imperva

I analyzed these companies and found that Imperva's customers span an incredibly diverse range of operations, but they share a common thread: they handle sensitive data at scale. These aren't just tech companies. I see healthcare providers running hospitals and medical centers, financial institutions including banks and insurance companies, utilities managing critical infrastructure, media companies, retailers, government agencies, and educational institutions. What unites them is that they're all operating essential services where data breaches or downtime would have serious consequences.

The employee counts and funding stages tell me these are predominantly mature enterprises. I see many companies with 500 to 5,000+ employees, and when funding is listed at all, it's usually debt financing, post-IPO equity, or private equity rather than early venture rounds. There are very few startups here. Most describe decades of history, some going back over a century. These are organizations with established operations, regulatory requirements, and complex legacy systems.

Source: Analysis of tech stacks from 3,302 companies that use Imperva

I noticed that Imperva users are enterprise companies with serious security maturity and complex compliance requirements. The overwhelming presence of GlobalSign (82x more likely) and Proofpoint Email Security tells me these are organizations that have moved far beyond basic security measures. They're running comprehensive security programs that protect multiple attack surfaces, from web applications to email to digital certificates.

The pairing of Imperva with Zscaler Private Access is particularly revealing. These companies aren't just protecting their perimeter, they're implementing zero-trust architectures where users access applications through secure gateways. Add in Dynatrace for application performance monitoring, and you see organizations that need both security and observability at scale. They can't afford downtime or performance degradation, so they're monitoring everything while keeping it locked down. OneTrust appearing so frequently suggests these are companies dealing with GDPR, CCPA, and other data privacy regulations. They need consent management because they're handling sensitive customer data across multiple jurisdictions.

The full stack screams mature, sales-led enterprises in regulated industries like finance, healthcare, or large SaaS providers. The presence of DocuSign's Intelligent Agreement Management reinforces this. These companies have complex sales cycles with contracts that require legal review and secure digital signatures. They're not startups moving fast and breaking things. They're established organizations with revenue to protect, compliance officers to satisfy, and likely serving other enterprises as customers who demand security certifications.