Ryder

Web Application Security Engineer

10d ago

Dev, Florida, weworkremotely
Back-End Programming

Job Description

Headquarters: USA - Remote FL
URL: http://ryder.com

Job Seekers can review the Job Applicant Privacy Policy by clicking here.

Job Description:

Summary

The Web Application Security Engineer is a critical member of the cybersecurity team responsible for protecting web-based applications hosted on-premises and in the cloud. This role plays a key part in strengthening the organization’s application security posture by onboarding web applications into a Content Delivery Network (CDN), configuring and maintaining WAF protections, and executing Dynamic Application Security Testing (DAST) scans. The engineer designs and deploys secure WAF configurations to defend against emerging threats without disrupting business operations. They are also responsible for identifying, mitigating, and escalating vulnerabilities through proactive monitoring and testing. This role collaborates closely with security operations, application development teams, and third-party providers to ensure comprehensive application protection across environments.

Essential Functions

Lead the onboarding of web applications into a CDN, ensuring proper security policy integration and optimized delivery.
Manage WAFs deployed on-premises, in the cloud, or in hybrid environments, including those co-managed with external service providers. Configure, maintain, and tune WAF rules to protect against web application threats, including OWASP Top Ten risks.
Set up and execute DAST scans on web applications to identify vulnerabilities in runtime environments, validate WAF coverage, and provide actionable remediation guidance. Collaborate with development, infrastructure, and SOC/IR teams to ensure findings are triaged, addressed, and documented.
Monitor application traffic and threat activity, leveraging automation and analytics to detect and respond to anomalies. Perform continuous testing and tuning of WAF policies based on threat intelligence, logs, and scan results.
Contribute to incident response efforts related to application-layer attacks and vulnerabilities.
Develop and maintain documentation related to WAF policies, scan results, application mappings, and remediation plans.

Additional Responsibilities

Perform other duties as assigned.

Skills and Abilities

Excellent communication skills, both verbal and written, and the ability to work effectively with cross-functional teams (Required)
Ability to create and maintain professional relationships within all levels of the organization (peers, work groups, customers, supervisors) (Required)
Ability to work independently and as a member of a team (Required)
Flexibility to operate and self-driven to excel in a fast-paced environment (Required)
Capable of multi-tasking, highly organized, with excellent time management skills (Required)

Qualifications

Bachelor's degree in computer science, Information Security, or a related field (Required)
5 years or more experience with WAF technologies (Akamai Kona, Azure App Gateway, Cloudflare) (Required)
7 years or more experience with DAST tools such as Burp Suite and enterprise scanning platforms such as InsightAppSec (Required)
5 years or more Proficiency with applications, databases, web services, authentication and middleware servers (Required)
5 years or more Aptitude with one or more scripting languages (e.g., Python, PowerShell, Bash) (Required)
5 years or more Proven experience in diagnosing, isolating, resolving complex issues and recommending/implementing strategies to resolve problems (Required)
5 years or more Understanding of OWASP Top Ten, threats and vulnerabilities, and tactics used to compromise applications (Required)
5 years or more Skilled in analyzing logs to identify and interpret attack patterns accurately (Required)
Hands-on experience with CDN platforms and integration of security policies within those services (Expert, Required)
Advanced understanding of web application security, including common attack vectors and secure design principles (Expert, Required)
Knowledge of CI/CD pipelines and integration of security testing tools (Advanced, Required)
Strong troubleshooting skills of web application client and server technologies, forward and reverse proxies, static content caching, DNS, etc (Expert, Required)
Experience in risk management findings, vulnerability prioritization, threat modeling, and mitigation strategy, advanced required (Advanced, Required)
CISSP, OSCP, OSWE, or other industry-leading certifications (Preferred)

Travel: No

Job Category: Information Security

Compensation Information:

The compensation offered to a candidate may be influenced by a variety of factors, including the candidate’s relevant experience; education, including relevant degrees or certifications; work location; market data/ranges; internal equity; internal salary ranges; etc. The position may also be eligible to receive an annual bonus, commission, and/or long-term incentive plan based on the level and/or type. Compensation ranges for the position are below:

Pay Type: Salaried
Minimum Pay Range: $115,000.00
M