Security Engineer - Web Application & Network Protection
Revel IT
Columbus, United States of America
2 days ago
Role details
Contract type
Permanent contract Employment type
Full-time (> 32 hours) Working hours
Regular working hours Languages
English Experience level
SeniorJob location
Columbus, United States of America
Tech stack
API
Applications Architecture
User Authentication
Cloud Computing
Cloud Computing Security
Computer Security
Cross-Site Request Forgery
DDoS Mitigation
DNS
Virtual Private Networks (VPN)
Python
Network Security
Network Segmentation
Open Web Application Security
Web Application Security
SQL Injection
Software Vulnerability Management
Web Applications
Transport Layer Security
Captcha
Software Security
Cross-Site Scripting (XSS)
Rate Limiting
GIT
Kubernetes
Palo Alto Networks
REST
Terraform
Devsecops
Job description
- Web Application Security
- Administer and support F5 Distributed Cloud (XC) WAF platform.
- Deploy and maintain WAF policies, signatures, and security controls.
- Configure:
- API Protection
- Bot Defense
- DDoS Mitigation
- Geolocation Policies
- Rate Limiting
- CAPTCHA Challenges
- Investigate and tune false positives.
- Perform application onboarding into WAF services.
- Conduct WAF policy reviews and optimization.
- Support incident response involving web application attacks.
- Application Security
- Understand and mitigate:
- OWASP Top 10
- Authentication attacks
- API abuse
- Credential stuffing
- Session hijacking
- Cross-Site Scripting (XSS)
- SQL Injection
- SSRF
- CSRF
- Review application architectures and recommend security improvements.
- Partner with development teams during application onboarding and troubleshooting.
- Network Security
- Administer and support:
- Palo Alto Networks NGFW
- Prisma Access
- Site-to-site VPNs
- SSL decryption
- NAT and security policies
- Network segmentation
- DNS and routing troubleshooting
- Support production incidents and participate in on-call rotation.
- Cloud & Automation
- Develop automation using:
- Python
- REST APIs
- Terraform
- Git
- Build dashboards and reporting around security posture.
- Automate repetitive operational tasks.
- Security Operations
- Participate in:
- Incident response
- Threat hunting
- Security assessments
- Vulnerability remediation
- Root cause analysis
- Architecture reviews
Requirements
We are seeking a Senior Cybersecurity Engineer to lead the design, implementation, and support of enterprise web application and network security solutions. This role will be responsible for securing internet-facing applications through F5 Distributed Cloud WAF, API security, bot protection, and network security technologies including Palo Alto firewalls and secure remote access solutions. The ideal candidate possesses a blend of application security, network security, and cloud security experience and is passionate about protecting critical enterprise services., * Experience with:
- Bot Management
- API Security
- DDoS Protection
- CDN technologies
- DevSecOps
- CI/CD pipelines
- Kubernetes
- Containers
- Terraform
Certifications:
- OWASP Foundation certifications
- ISC2 CISSP
- GIAC certifications
- F5 certifications
- Palo Alto Networks certifications