Principal Security Engineer, Web Application Firewall

It's fun to work in a company where people truly BELIEVE in what they're doing!

Fullsteam is a leading provider of vertical software and embedded payments technology dedicated to helping businesses flourish by providing their customers with seamless experiences. With a dynamic and growing team of 1,700 employees, we are committed to driving innovation and delivering best-in-class software and payment solutions that empower small and medium-sized businesses across numerous industries. Our purpose is to help our customers grow their businesses and delight their customers. Join us and be a part of a forward-thinking company that values growth, excellence, and the success of our clients.

We are seeking a highly skilled and experienced Principal Security Engineer to join our growing Information Security team.  The Principal Security Engineer will be responsible for architecting, engineering, and deploying run-time software security solutions such as WAF (web application firewall) and ADR (application detection and response). This position requires a deep understanding of common software architectures and security solutions that detect and disrupt web application and services exploitation.

Primary Responsibilities:

• Evaluate the network and software architecture of business units to recommend strategic runtime application security solution(s)(e.g., WAF, ADR).
• Build internal partnerships and consensus on a runtime application security solution, deployment plan, timelines, and lifecycle responsibilities.
• Engineer and implement comprehensive security solutions tailored to the specific needs of each business unit, ensuring optimal protection against runtime threats.
• Collaborate with business units and security teams to develop and execute a strategic plan for long-term detection, monitoring, and incident response related to runtime security.
• Lead the design, deployment, and ongoing management of runtime application security solutions, ensuring they are effectively tuned, maintained, and continuously improved.
• Develop and maintain WAF rulesets.
• Assist the incident response team in responding to security alerts and incidents.
• Serve as the subject matter expert on run-time security solutions, providing guidance and support to technical teams during the implementation, troubleshooting, and optimization phases.
• Work closely with development, operations, and security teams to ensure security controls are aligned with business goals and regulatory requirements.
• Stay current with emerging threats, vulnerabilities, and technologies in the application security space to inform future strategies and solutions.
• Communicate complex security concepts and strategies to both technical and non-technical stakeholders, ensuring alignment and understanding across the organization.

Primary Qualifications:

• Bachelor’s degree in computer science, Information Security, or a related field; advanced degree preferred.
• 7+ years of experience in security architecture, with a focus on WAF technologies.
• Proven expertise in the implementation, tuning, and troubleshooting of run-time application security defenses such as WAF and ADR solutions.
• Strong understanding of runtime application security protection, including detection, monitoring, and incident response strategies.
• Excellent analytical skills with the ability to assess complex environments and develop effective security solutions.
• Outstanding communication skills, capable of articulating security concepts and strategies to a diverse audience.
• Ability to lead cross-functional teams and drive security initiatives across multiple business units.
• Relevant certifications (e.g., CISSP, CCSP, GWEB) are a plus.
• Demonstrated ability to stay current with industry trends and emerging threats in the security space.

Fullsteam supports an inclusive workplace that values diversity of thought, experience, and background. Fullsteam is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state, or local law.