Jobs · Ohio

Senior Security Engineer – Web Application & Network Protection (C2H)

Blue Star Partners · Columbus, OH · 2 days ago
Hybrid$70–$79/hrFull-time

About the role

We are seeking an experienced Senior Security Engineer – Web Application & Network Protection to lead the design, implementation, and support of enterprise web application and network security solutions.

Responsibilities

  • Administer and support the F5 Distributed Cloud (XC) WAF platform.
  • Deploy, configure, and maintain WAF policies, signatures, and security controls for internet-facing applications.
  • Configure and optimize protections related to:
    • API Protection
    • Bot Defense / Bot Management
    • DDoS Mitigation
    • Geolocation Policies
    • Rate Limiting
    • CAPTCHA Challenges
    • Investigate and tune false positives to balance protection with business usability.
    • Perform application onboarding into WAF services and support secure rollout of web-facing applications.
    • Conduct policy reviews and continuous optimization of WAF protections.
    • Support investigation and response activities related to web application attacks and anomalous traffic.
    • Administer and support key network security technologies, including:
      • Palo Alto Networks NGFW
      • Prisma Access
      • Site-to-site VPNs
      • SSL decryption
      • NAT and security policies
      • Network segmentation
      • Support DNS and routing troubleshooting related to protected applications and network flows.
      • Aid in production security incidents and operational support activities.
      • Participate in an on-call rotation as needed to support enterprise services and incident response.
    • Develop and maintain automation solutions using:
      • Python
      • REST APIs
      • Terraform
      • Git
      • Automate repetitive operational tasks to improve consistency, scalability, and efficiency.
      • Build dashboards, reporting, and visibility tools to help monitor security posture and operational performance.
      • Support DevSecOps and CI/CD practices by partnering with engineering teams to embed security into deployment pipelines and operational processes.
      • Contribute to secure infrastructure and application delivery practices across cloud and containerized environments.
    • Participate in:
      • Incident response
      • Threat hunting
      • Security assessments
      • Vulnerability remediation
      • Root cause analysis
      • Architecture reviews
      • Support identification and remediation of vulnerabilities affecting web applications, APIs, and network security infrastructure.
      • Contribute to ongoing enhancement of detection, prevention, and response capabilities.
      • Provide recommendations to improve operational security controls, reduce risk, and strengthen enterprise resilience.

    Qualifications

    • 7+ years of experience in cybersecurity engineering, with strong focus on web application security, network security, or cloud security.
    • Hands-on experience administering and supporting web application firewall (WAF) technologies in an enterprise environment.
    • Experience with F5 Distributed Cloud (XC) WAF or comparable advanced WAF platforms.
    • Strong understanding of:
      • Web application attacks
      • API security threats
      • Bot mitigation
      • DDoS protection
      • Authentication and session-related attack patterns
    • Experience supporting Palo Alto Networks security technologies, including NGFW and/or Prisma Access.
    • Experience with network security concepts such as VPNs, SSL decryption, NAT, segmentation, DNS, and routing troubleshooting.
    • Experience with automation and scripting using Python, REST APIs, Terraform, and Git.
    • Familiarity with DevSecOps and CI/CD pipelines.
    • Strong incident response, troubleshooting, and problem-solving skills.
    • Ability to work across infrastructure, cloud, networking, development, and security teams in a collaborative environment.

    Preferred Qualifications

    • Experience with:
      • Bot Management
      • API Security
      • DDoS Protection
      • CDN technologies
      • Kubernetes
      • Containers
      • Terraform
      • DevSecOps
      • CI/CD pipelines
      • Experience building security dashboards, posture reporting, or automation tooling.
      • Familiarity with secure cloud-native application delivery and modern edge security architectures.
      • Experience in regulated, utility, or large enterprise environments is a plus.

    Core Competencies

    • Web Application Security
    • WAF Administration
    • API Security
    • Bot Management
    • DDoS Mitigation
    • Network Security
    • Palo Alto Networks
    • Prisma Access
    • Cloud Security
    • DevSecOps
    • Security Automation
    • Incident Response

    Additional Notes

    • This is a contract-to-hire opportunity.
    • The role requires a hybrid onsite schedule in Columbus, OH.
    • Candidates must be authorized to work in the United States now and in the future without sponsorship.

Similar jobs