Web Application Security Engineer

Application EngineerApplication EngineerFull TimeRemoteTeam 10,001+Since 1933H1B No SponsorCompany Site LinkedIn

Location

Florida

Posted

66 days ago

Salary

$115K - $120K / year

Bachelor Degree5 yrs expEnglishAzureCloudDNSPython

Job Description

• Lead the onboarding of web applications into a CDN, ensuring proper security policy integration and optimized delivery • Manage WAFs deployed on-premises, in the cloud, or in hybrid environments, including those co-managed with external service providers • Configure, maintain, and tune WAF rules to protect against web application threats, including OWASP Top Ten risks • Set up and execute DAST scans on web applications to identify vulnerabilities in runtime environments, validate WAF coverage, and provide actionable remediation guidance • Collaborate with development, infrastructure, and SOC/IR teams to ensure findings are triaged, addressed, and documented • Monitor application traffic and threat activity, leveraging automation and analytics to detect and respond to anomalies • Perform continuous testing and tuning of WAF policies based on threat intelligence, logs, and scan results • Contribute to incident response efforts related to application-layer attacks and vulnerabilities • Develop and maintain documentation related to WAF policies, scan results, application mappings, and remediation plans

Job Requirements

Bachelor's degree in computer science, Information Security, or a related field
5 years or more experience with WAF technologies (Akamai Kona, Azure App Gateway, Cloudflare)
7 years or more experience with DAST tools such as Burp Suite and enterprise scanning platforms such as InsightAppSec
5 years or more Proficiency with applications, databases, web services, authentication and middleware servers
5 years or more Aptitude with one or more scripting languages (e.g., Python, PowerShell, Bash)
5 years or more Proven experience in diagnosing, isolating, resolving complex issues and recommending/implementing strategies to resolve problems
5 years or more Understanding of OWASP Top Ten, threats and vulnerabilities, and tactics used to compromise applications
5 years or more Skilled in analyzing logs to identify and interpret attack patterns accurately
Hands-on experience with CDN platforms and integration of security policies within those services
Advanced understanding of web application security, including common attack vectors and secure design principles
Knowledge of CI/CD pipelines and integration of security testing tools
Strong troubleshooting skills of web application client and server technologies, forward and reverse proxies, static content caching, DNS, etc
Experience in risk management findings, vulnerability prioritization, threat modeling, and mitigation strategy
CISSP, OSCP, OSWE, or other industry-leading certifications

Benefits

comprehensive health and welfare benefits
medical, prescription, dental, vision, life insurance and disability insurance options
paid time off for vacation, illness, bereavement, family and parental leave
tax-advantaged 401(k) retirement savings plan