Web Application Security Engineer

Ryder
$115,000 - $120,000

About The Position

The Web Application Security Engineer is a critical member of the cybersecurity team responsible for protecting web-based applications hosted on-premises and in the cloud. This role plays a key part in strengthening the organization's application security posture by onboarding web applications into a Content Delivery Network (CDN), configuring and maintaining WAF protections, and executing Dynamic Application Security Testing (DAST) scans. The engineer designs and deploys secure WAF configurations to defend against emerging threats without disrupting business operations. They are also responsible for identifying, mitigating, and escalating vulnerabilities through proactive monitoring and testing. This role collaborates closely with security operations, application development teams, and third-party providers to ensure comprehensive application protection across environments.

Requirements

  • Excellent communication skills, both verbal and written, and the ability to work effectively with cross-functional teams.
  • Ability to create and maintain professional relationships within all levels of the organization (peers, work groups, customers, supervisors).
  • Ability to work independently and as a member of a team.
  • Flexible and self-driven, able to excel in a fast-paced environment.
  • Capable of multi-tasking, highly organized, with excellent time management skills.
  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • 5 years or more of experience with WAF technologies (Akamai Kona, Azure App Gateway, Cloudflare).
  • 7 years or more of experience with DAST tools such as Burp Suite and enterprise scanning platforms such as InsightAppSec.
  • 5 years or more of proficiency with applications, databases, web services, authentication and middleware servers.
  • 5 years or more of aptitude with one or more scripting languages (e.g., Python, PowerShell, Bash).
  • 5 years or more of proven experience in diagnosing, isolating, and resolving complex issues and recommending/implementing strategies to resolve problems.
  • 5 years or more of understanding of the OWASP Top Ten, threats and vulnerabilities, and tactics used to compromise applications.
  • 5 years or more of skill in analyzing logs to identify and interpret attack patterns accurately.
  • Hands-on experience with CDN platforms and integration of security policies within those services (Expert).
  • Advanced understanding of web application security, including common attack vectors and secure design principles (Expert).
  • Knowledge of CI/CD pipelines and integration of security testing tools (Advanced).
  • Strong troubleshooting skills for web application client and server technologies, forward and reverse proxies, static content caching, DNS, etc. (Expert).
  • Experience in risk management findings, vulnerability prioritization, threat modeling, and mitigation strategy (Advanced, required).

Nice To Haves

  • CISSP, OSCP, OSWE, or other industry-leading certifications

Responsibilities

  • Lead the onboarding of web applications into a CDN, ensuring proper security policy integration and optimized delivery.
  • Manage WAFs deployed on-premises, in the cloud, or in hybrid environments, including those co-managed with external service providers.
  • Configure, maintain, and tune WAF rules to protect against web application threats, including OWASP Top Ten risks.
  • Set up and execute DAST scans on web applications to identify vulnerabilities in runtime environments, validate WAF coverage, and provide actionable remediation guidance.
  • Collaborate with development, infrastructure, and SOC/IR teams to ensure findings are triaged, addressed, and documented.
  • Monitor application traffic and threat activity, leveraging automation and analytics to detect and respond to anomalies.
  • Perform continuous testing and tuning of WAF policies based on threat intelligence, logs, and scan results.
  • Contribute to incident response efforts related to application-layer attacks and vulnerabilities.
  • Develop and maintain documentation related to WAF policies, scan results, application mappings, and remediation plans.
  • Perform other duties as assigned.

Benefits

  • Ryder offers comprehensive health and welfare benefits, to include medical, prescription, dental, vision, life insurance and disability insurance options, as well as paid time off for vacation, illness, bereavement, family and parental leave, and a tax-advantaged 401(k) retirement savings plan.