Application Security Engineer
Overview
Application Security Engineer Remote within the US US Citizen Approximately 8 Month Contract (w/ possible extensions)
Summary
The Application Security Engineer candidate will have a strong background in cybersecurity and understanding of web application and zero trust proxy security practices. The primary responsibility of the Engineer will be to ensure the effective deployment, configuration, and maintenance of our systems for Global customers. This role requires expertise in Web Application Firewalls, Zero Trust Proxy, Cloud security as well as experience with alerts and detections and data log analysis. This role will be part of the Application Edge Protection Service within the CyberSecurity pillar.
Responsibilities
Web Application Firewall Management: Deploy, configure, and maintain web application firewall systems to protect our web applications against potential threats and vulnerabilities. Zero Trust Proxy: Deploy, configure, and Zero Trust Proxy systems to support identity gates to include defining and maintaining policies and connectors. Security Incident Response: Monitor and analyze security events, alerts, and logs generated by the web application firewall systems. Investigate and respond to potential security incidents, working closely with the Security Operations Center (SOC) and other Cybersecurity teams. Detection and Analysis: Develop and maintain detection rules, alerts, and reports to proactively identify and mitigate risks utilizing logs. Provides investigation findings to relevant business units to help improve information security posture. CDN Integration: Collaborate with the infrastructure and application teams to integrate the web application firewall with CDNs such Akamai and Radware, ensuring seamless traffic management and content delivery. Vulnerability Assessment: Utilize WAF data to identify potential vulnerabilities and recommend appropriate remediation measures to customers. Documentation and Reporting: Maintain accurate documentation of WAF configurations, policies, and procedures. Prepare reports and metrics related to web application security, including trends, incident summaries, and mitigation strategies, as needed. Collaboration: This role requires ability to explain security details to non- security teams such as application and engineering teams. Must be able to collaborate with cross-functional teams to ensure effective communication, knowledge sharing, and alignment of security objectives. Provide guidance to application teams on application security best practices and security awareness, as needed. Automation: This role required individuals who are knowledgeable of automation processes, python terraform, use of AI and Cloud native concepts with AWS, Azure and Google cloud.
Requirements
Years of Experience: 4+ years with minimum 2 years in network security and 2 years in application security Technical Skills Strong knowledge of web application security concepts, OWASP Top 10 vulnerabilities, and related mitigation techniques. Understanding of authentication and authorization flows (OAuth, SAMAL, OIDC) Strong technical background with Web Application Firewall (WAF), Zero Trust Network Access, APIs, and Cloud security policies. Understanding of API security issues and API authentication. Previous experience in a Security Operations Center (SOC) or performing cybersecurity analysis, log analysis, and threat detection is highly desirable. Good understanding of information security principles and policy enforcement. Solid comprehension of HTTP protocol and demonstrated ability to troubleshoot using HTTP logs Strong technical background in web development and familiarity with potential attack vectors/methods Understanding of Authentication, DNS, Networks, Firewalls, SSL Certificates Experience in the following areas are strongly preferred: Knowledge of Web Application Firewall technologies (Akamai) Knowledge of Zero Trust framework and technologies Experience integrating zero trust with WAF Familiarity with cloud security services, concepts, and best practices (AWS, Azure, GCP) Infrastructure as code (Terraform) and automation using Python Ethical hacking ServiceNow experience Technical documentation experience CISSP, CISM, CISA, GIAC or other security certifications are desired Familiarity and comfortability using AI tools Soft Skills High degree of personal integrity and ethics with a passion for protecting people and systems against cybersecyurity threats Excellent written and oral communication and presentation skills for technical and business audiences Advanced critical thinking, problem solving and technical troubleshooting abilities Track record of getting things done quickly and with high levels of quality Demonstrated ability to operate in a dynamic, evolving environment Ability to coordinate completion of multiple tasks and meet aggressive time frames Strong analytical skills with high attention to detail and accuracy Experience with and the ability to thrive in a complex and fast-paced technology and/or information security organization, within a large enterprise environment Bi-lingual a plus Education/Certification Requirements Education (degree): Bachelor's Degree/University Degree and/or Undergraduate Diploma in Information Security, Information Technology, Computer Science, Engineering or equivalent years in experience Other DutiesPlease note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice. Apply To This Job