Posted: 3 months ago
Platform:
Work from Office
Full Time
Title: Senior Security Engineer (WAF & Application Security)

About Team

Our Information Security team is dedicated to safeguarding our digital assets by implementing robust security measures across a heterogeneous ecosystem, including 1,000+ microservices, mobile apps, and internal platforms, deployed in a hybrid environment: on-prem and cloud (AWS & Azure). We take a proactive, comprehensive approach to threat detection, vulnerability management, and incident response, ensuring our systems remain resilient against evolving cyber threats.

Key Responsibilities:

- Manage and optimize our Akamai-based Web Application Firewall and CDN to deliver robust protection, effective traffic filtering, and DDoS mitigation across all public assets.
- Continuously monitor and analyze web traffic to detect, validate, and respond to BOT attacks, scraping, and other malicious activities while minimizing false positives.
- Monitor alerts, respond to SOCC escalations, and lead incident response efforts by providing actionable security reports and implementing future preventions.
- Configure public FQDN delivery on the CDN (both static and dynamic content) for optimal performance, SSL cert provisioning/renewal, and complex routing to multiple origins.
- Conduct comprehensive vulnerability assessments, including manual testing, code reviews, and penetration testing, to identify and remediate security weaknesses.
- Actively assess reported vulnerabilities in web applications, APIs, and native mobile apps, and collaborate with development teams to explain vulnerabilities and get them remediated.
- Stay current with emerging security threats, industry trends, and regulatory requirements, and evaluate new technologies or strategies to enhance our security framework.
- Configure and manage the Breach Attack Simulation (BAS) and other perimeter solutions like IDS/IPS, deception grids, and decoy systems.
Desired Skills:

- Deep understanding of security fundamentals, including secure communication protocols, cryptographic techniques, and industry frameworks such as OWASP, NIST, and MITRE.
- Hands-on experience with Web Application Firewalls (preferably Akamai), CDN management, and associated security configurations (both signature-based and behavioral).
- Demonstrated expertise in mitigating evolving BOT attacks by anticipating attacker tactics, with the ability to manage incidents effectively and adapt defenses as threats mutate.
- Experience in configuring public setups, traffic routing, domain management, and SSL cert rotations for heavy-traffic websites.
- Knowledge of network security and perimeter protection solutions, including managing IDS/IPS systems, deception grids, and decoy systems.
- Scripting familiarity (e.g., Python, Bash, or PowerShell) for automating security tasks, and a desire to expand those skills.
- Relevant certifications (e.g., CEH, CISSP, OSCP) and at least 3 years of experience in application and perimeter security.
MakeMyTrip
Gurgaon
20.0 - 30.0 Lacs P.A.