Senior Security Engineer – Web Application & Network Protection (C2H)
Blue Star Partners · Columbus, OH · 2 days ago
Hybrid$70–$79/hrFull-time
About the role
We are seeking an experienced Senior Security Engineer – Web Application & Network Protection to lead the design, implementation, and support of enterprise web application and network security solutions.
Responsibilities
- Administer and support the F5 Distributed Cloud (XC) WAF platform.
- Deploy, configure, and maintain WAF policies, signatures, and security controls for internet-facing applications.
- Configure and optimize protections related to:
- API Protection
- Bot Defense / Bot Management
- DDoS Mitigation
- Geolocation Policies
- Rate Limiting
- CAPTCHA Challenges
- Investigate and tune false positives to balance protection with business usability.
- Perform application onboarding into WAF services and support secure rollout of web-facing applications.
- Conduct policy reviews and continuous optimization of WAF protections.
- Support investigation and response activities related to web application attacks and anomalous traffic.
- Administer and support key network security technologies, including:
- Palo Alto Networks NGFW
- Prisma Access
- Site-to-site VPNs
- SSL decryption
- NAT and security policies
- Network segmentation
- Support DNS and routing troubleshooting related to protected applications and network flows.
- Aid in production security incidents and operational support activities.
- Participate in an on-call rotation as needed to support enterprise services and incident response.
- Develop and maintain automation solutions using:
- Python
- REST APIs
- Terraform
- Git
- Automate repetitive operational tasks to improve consistency, scalability, and efficiency.
- Build dashboards, reporting, and visibility tools to help monitor security posture and operational performance.
- Support DevSecOps and CI/CD practices by partnering with engineering teams to embed security into deployment pipelines and operational processes.
- Contribute to secure infrastructure and application delivery practices across cloud and containerized environments.
- Participate in:
- Incident response
- Threat hunting
- Security assessments
- Vulnerability remediation
- Root cause analysis
- Architecture reviews
- Support identification and remediation of vulnerabilities affecting web applications, APIs, and network security infrastructure.
- Contribute to ongoing enhancement of detection, prevention, and response capabilities.
- Provide recommendations to improve operational security controls, reduce risk, and strengthen enterprise resilience.
Qualifications
- 7+ years of experience in cybersecurity engineering, with strong focus on web application security, network security, or cloud security.
- Hands-on experience administering and supporting web application firewall (WAF) technologies in an enterprise environment.
- Experience with F5 Distributed Cloud (XC) WAF or comparable advanced WAF platforms.
- Strong understanding of:
- Web application attacks
- API security threats
- Bot mitigation
- DDoS protection
- Authentication and session-related attack patterns
- Experience supporting Palo Alto Networks security technologies, including NGFW and/or Prisma Access.
- Experience with network security concepts such as VPNs, SSL decryption, NAT, segmentation, DNS, and routing troubleshooting.
- Experience with automation and scripting using Python, REST APIs, Terraform, and Git.
- Familiarity with DevSecOps and CI/CD pipelines.
- Strong incident response, troubleshooting, and problem-solving skills.
- Ability to work across infrastructure, cloud, networking, development, and security teams in a collaborative environment.
Preferred Qualifications
- Experience with:
- Bot Management
- API Security
- DDoS Protection
- CDN technologies
- Kubernetes
- Containers
- Terraform
- DevSecOps
- CI/CD pipelines
- Experience building security dashboards, posture reporting, or automation tooling.
- Familiarity with secure cloud-native application delivery and modern edge security architectures.
- Experience in regulated, utility, or large enterprise environments is a plus.
Core Competencies
- Web Application Security
- WAF Administration
- API Security
- Bot Management
- DDoS Mitigation
- Network Security
- Palo Alto Networks
- Prisma Access
- Cloud Security
- DevSecOps
- Security Automation
- Incident Response
Additional Notes
- This is a contract-to-hire opportunity.
- The role requires a hybrid onsite schedule in Columbus, OH.
- Candidates must be authorized to work in the United States now and in the future without sponsorship.