Application Security Engineer

About The Position

Requirements

• 4+ years with minimum 2 years in network security and 2 years in application security
• Strong knowledge of web application security concepts, OWASP Top 10 vulnerabilities, and related mitigation techniques.
• Understanding of authentication and authorization flows (OAuth, SAMAL, OIDC)
• Strong technical background with Web Application Firewall (WAF), Zero Trust Network Access, APIs, and Cloud security policies.
• Understanding of API security issues and API authentication.
• Previous experience in a Security Operations Center (SOC) or performing cybersecurity analysis, log analysis, and threat detection is highly desirable.
• Good understanding of information security principles and policy enforcement.
• Solid comprehension of HTTP protocol and demonstrated ability to troubleshoot using HTTP logs
• Strong technical background in web development and familiarity with potential attack vectors/methods
• Understanding of Authentication, DNS, Networks, Firewalls, SSL Certificates
• Knowledge of Web Application Firewall technologies (Akamai)
• Knowledge of Zero Trust framework and technologies
• Experience integrating zero trust with WAF
• Familiarity with cloud security services, concepts, and best practices (AWS, Azure, GCP)
• Infrastructure as code (Terraform) and automation using Python
• Ethical hacking
• ServiceNow experience
• Technical documentation experience
• Familiarity and comfortability using AI tools
• High degree of personal integrity and ethics with a passion for protecting people and systems against cybersecyurity threats
• Excellent written and oral communication and presentation skills for technical and business audiences
• Advanced critical thinking, problem solving and technical troubleshooting abilities
• Track record of getting things done quickly and with high levels of quality
• Demonstrated ability to operate in a dynamic, evolving environment
• Ability to coordinate completion of multiple tasks and meet aggressive time frames
• Strong analytical skills with high attention to detail and accuracy
• Experience with and the ability to thrive in a complex and fast-paced technology and/or information security organization, within a large enterprise environment
• Bachelor's Degree/University Degree and/or Undergraduate Diploma in Information Security, Information Technology, Computer Science, Engineering or equivalent years in experience

Nice To Haves

• CISSP, CISM, CISA, GIAC or other security certifications are desired
• Bi-lingual a plus

Responsibilities

• Deploy, configure, and maintain web application firewall systems to protect our web applications against potential threats and vulnerabilities.
• Deploy, configure, and Zero Trust Proxy systems to support identity gates to include defining and maintaining policies and connectors.
• Monitor and analyze security events, alerts, and logs generated by the web application firewall systems. Investigate and respond to potential security incidents, working closely with the Security Operations Center (SOC) and other Cybersecurity teams.
• Develop and maintain detection rules, alerts, and reports to proactively identify and mitigate risks utilizing logs. Provides investigation findings to relevant business units to help improve information security posture.
• Collaborate with the infrastructure and application teams to integrate the web application firewall with CDNs such Akamai and Radware, ensuring seamless traffic management and content delivery.
• Utilize WAF data to identify potential vulnerabilities and recommend appropriate remediation measures to customers.
• Maintain accurate documentation of WAF configurations, policies, and procedures. Prepare reports and metrics related to web application security, including trends, incident summaries, and mitigation strategies, as needed.
• This role requires ability to explain security details to non- security teams such as application and engineering teams. Must be able to collaborate with cross-functional teams to ensure effective communication, knowledge sharing, and alignment of security objectives. Provide guidance to application teams on application security best practices and security awareness, as needed.
• This role required individuals who are knowledgeable of automation processes, python terraform, use of AI and Cloud native concepts with AWS, Azure and Google cloud.