Position Title : Lead Application Security Engineer
Location : Remote
Contract Duration : Long Term Contract
Interview : Virtual
Key Responsibilities :
Web Application Firewall Management :
- Expertise in AWS WAF and Cloudflare.
- Tweak and tune rules to ensure optimal inline and out-of-band security controls.
Leadership and Communication :
- Lead and communicate effectively with stakeholders even without prior experience.
- Proficient in answering scenario-based questions and navigating updates, risks, and issues to leadership.
Application Security :
- Understand and apply OWASP Top 10 principles.
- Implement and manage Application Security Testing (AST) frameworks (e.g. SAST, DAST, SCA, SBOM, Serverless).
- Understand information security principles and application security fundamentals.
AWS Cloud Services :
- Manage and secure AWS services including WAF, ALB, CloudFront, CloudFormation, ECS, EC2, S3, SQS, RDS, SSL / ACP, CloudTrail, Kinesis, and more.
- Use AWS SDKs (Java, Boto3 for Python) and CLI tools to automate and manage cloud infrastructure.
Software Development :
- Experience in programming with languages like Java and Python.
CI / CD and Version Control :
- Implement and manage CI / CD pipelines using Jenkins.
- Use version control systems like BitBucket and Git.
Monitoring and Reporting :
- Develop and manage Splunk queries, dashboards, and lookup tables.
Collaboration Tools :
- Use Jira and Confluence for project and documentation management.
Security Tools :
- Utilize tools like Postman and Burp (or other HTTP proxy tools) for testing and debugging.
Support :
- Provide periodic after-hour support as needed.
Qualifications :
- Strong expertise in AWS WAF and Cloudflare.
- Excellent communication skills and the ability to lead effectively.
- Solid understanding of OWASP Top 10 and application security principles.
- Experience with application security testing frameworks and security controls.
- Proficient in using AWS services and related SDKs and CLI tools.
- Software development experience in Java and Python.
- Knowledge of CI / CD tools like Jenkins and version control systems like BitBucket and Git.
- Experience with Splunk for monitoring and reporting.
- Familiarity with Atlassian tools (Jira and Confluence).
- Proficient in using Postman and Burp for security testing.
- Ability to provide after-hour support periodically.
Preferred / Bonus Skills :
- Experience as a people leader.
- Understanding of information security principles and fundamentals.
- Familiarity with additional AWS services and security best practices.
- Additional programming or scripting experience.
- Experience with other security tools and frameworks.