Lead WAF Security Engineer in Rockville, MD at Consultnet Careers

Date Posted: 6/12/2024

Job Description

Lead Security Engineer (AWS WAF / Web Application Firewall)

Long-term Contract

100% Remote (U.S. Based, East Coast Hours)



We are seeking a highly skilled Lead Security Engineer with a strong background in Web Application Firewall (AWS WAF) for a long-term contract role supporting our client and their team. This is a position where we expect the candidate to utilize their past leadership experience as well as their hands-on technical programming and security engineering chops to be successful. This position is 100% remote but requires the candidate to be willing and able to work on East Coast hours. This role is a backfill for an existing position. This person should come with senior-level experience with Web Application Firewalls (Cloudflare and AWS WAF). We need this candidate to bring strong leadership experience and have an innate ability to guide and mentor team members...

The ideal candidate will come with a background in software programming/development with proficiency in Java and Python. They should also have in-depth knowledge of Information Security Principles and Application Security Fundamentals.



Responsibilities

  • Manage and maintain Web Application Firewalls (Cloudflare and AWS WAF)
  • Provide leadership and guidance to team members
  • Leverage software programming/development experience using languages like Java and Python
  • Apply a deep understanding of Information Security Principles and Application Security Fundamentals
  • Implement and manage Application Security Testing (AST) Frameworks, including SAST, DAST, SCA, SBOM, and Serverless
  • Configure and optimize in-line and out-of-band security controls
  • Develop and maintain AWS infrastructure, including WAF, ALB, CloudFront, CloudFormation, ECS, EC2, S3, SQS, RDS, SSL/ACP, CloudTrail, Kinesis, SDK (Java, Boto3 Python), CLI, and VPC
  • Integrate CI/CD tools, particularly Jenkins for pipeline and orchestrator tasks
  • Utilize version control systems like BitBucket and Git
  • Create and manage Splunk queries, dashboards, and lookup tables
  • Use Atlassian tools (Jira, Confluence) for project and documentation management
  • Employ tools like Postman and Burp (or other HttpProxy) for testing and troubleshooting
  • Provide periodic after-hour support as required


Qualifications

  • Proven experience with Web Application Firewalls (Cloudflare and AWS WAF)
  • Strong leadership experience with the ability to guide and mentor team members
  • Background in software programming/development with proficiency in Java and Python
  • In-depth knowledge of Information Security Principles and Application Security Fundamentals
  • Experience with Application Security Testing (AST) Frameworks
  • Proficiency in configuring and tuning security controls
  • Extensive experience with AWS services and tools
  • Familiarity with CI/CD pipelines and tools like Jenkins
  • Competence with version control systems, specifically BitBucket and Git
  • Proficiency in Splunk for data analysis and dashboard creation
  • Experience using Atlassian tools for project management
  • Hands-on experience with tools like Postman and Burp for security testing


Additional Information

  • This is a backfill position
  • Periodic after-hour support is required