Application Security Engineer

Application Security Engineer

Remote within the US

US Citizen

Approximately 8 Month Contract (w/ possible extensions)

Summary

The Application Security Engineer candidate will have a strong background in cybersecurity and understanding of web application and zero trust proxy security practices. The primary responsibility of the Engineer will be to ensure the effective deployment, configuration, and maintenance of our systems for Global customers. This role requires expertise in Web Application Firewalls, Zero Trust Proxy, Cloud security as well as experience with alerts and detections and data log analysis. This role will be part of the Application Edge Protection Service within the CyberSecurity pillar.

Responsibilities

• Web Application Firewall Management: Deploy, configure, and maintain web application firewall systems to protect our web applications against potential threats and vulnerabilities.
• Zero Trust Proxy: Deploy, configure, and Zero Trust Proxy systems to support identity gates to include defining and maintaining policies and connectors.
• Security Incident Response: Monitor and analyze security events, alerts, and logs generated by the web application firewall systems. Investigate and respond to potential security incidents, working closely with the Security Operations Center (SOC) and other Cybersecurity teams.
• Detection and Analysis: Develop and maintain detection rules, alerts, and reports to proactively identify and mitigate risks utilizing logs. Provides investigation findings to relevant business units to help improve information security posture.
• CDN Integration: Collaborate with the infrastructure and application teams to integrate the web application firewall with CDNs such Akamai and Radware, ensuring seamless traffic management and content delivery.
• Vulnerability Assessment: Utilize WAF data to identify potential vulnerabilities and recommend appropriate remediation measures to customers.
• Documentation and Reporting: Maintain accurate documentation of WAF configurations, policies, and procedures. Prepare reports and metrics related to web application security, including trends, incident summaries, and mitigation strategies, as needed.
• Collaboration: This role requires ability to explain security details to non- security teams such as application and engineering teams. Must be able to collaborate with cross-functional teams to ensure effective communication, knowledge sharing, and alignment of security objectives. Provide guidance to application teams on application security best practices and security awareness, as needed.
• Automation: This role required individuals who are knowledgeable of automation processes, python terraform, use of AI and Cloud native concepts with AWS, Azure and Google cloud.

Requirements

Years of Experience: 4+ years with minimum 2 years in network security and 2 years in application security

Technical Skills

• Strong knowledge of web application security concepts, OWASP Top 10 vulnerabilities, and related mitigation techniques.
• Understanding of authentication and authorization flows (OAuth, SAMAL, OIDC)
• Strong technical background with Web Application Firewall (WAF), Zero Trust Network Access, APIs, and Cloud security policies.
• Understanding of API security issues and API authentication.
• Previous experience in a Security Operations Center (SOC) or performing cybersecurity analysis, log analysis, and threat detection is highly desirable.
• Good understanding of information security principles and policy enforcement.
• Solid comprehension of HTTP protocol and demonstrated ability to troubleshoot using HTTP logs
• Strong technical background in web development and familiarity with potential attack vectors/methods
• Understanding of Authentication, DNS, Networks, Firewalls, SSL Certificates

Experience in the following areas are strongly preferred:

• Knowledge of Web Application Firewall technologies (Akamai)
• Knowledge of Zero Trust framework and technologies
• Experience integrating zero trust with WAF
• Familiarity with cloud security services, concepts, and best practices (AWS, Azure, GCP)
• Infrastructure as code (Terraform) and automation using Python
• Ethical hacking
• ServiceNow experience
• Technical documentation experience
• CISSP, CISM, CISA, GIAC or other security certifications are desired
• Familiarity and comfortability using AI tools

Soft Skills

• High degree of personal integrity and ethics with a passion for protecting people and systems against cybersecyurity threats
• Excellent written and oral communication and presentation skills for technical and business audiences
• Advanced critical thinking, problem solving and technical troubleshooting abilities
• Track record of getting things done quickly and with high levels of quality
• Demonstrated ability to operate in a dynamic, evolving environment
• Ability to coordinate completion of multiple tasks and meet aggressive time frames
• Strong analytical skills with high attention to detail and accuracy
• Experience with and the ability to thrive in a complex and fast-paced technology and/or information security organization, within a large enterprise environment
• Bi-lingual a plus

Education/Certification Requirements

• Education (degree): Bachelor's Degree/University Degree and/or Undergraduate Diploma in Information Security, Information Technology, Computer Science, Engineering or equivalent years in experience