Job Summary
This position is responsible for the hands-on tuning and security configuration of the web and content delivery platform. Responsibilities include leading the enterprise bot mitigation and fraud detection strategy across web and mobile applications and the portfolio of brands loyalty programs. Additionally, the position is responsible for understanding and interpreting the business and technical requirements of securing the enterprise's next generation, forward-thinking applications and incident response.
Duties and Responsibilities
Bachelor's degree preferred and/or combination or prior work experience in the field of information security
Experience
This position is responsible for the hands-on tuning and security configuration of the web and content delivery platform. Responsibilities include leading the enterprise bot mitigation and fraud detection strategy across web and mobile applications and the portfolio of brands loyalty programs. Additionally, the position is responsible for understanding and interpreting the business and technical requirements of securing the enterprise's next generation, forward-thinking applications and incident response.
Duties and Responsibilities
- Design and implement application security solutions which enforce security consistently across internally/externally developed applications (50%)
- Participate in design reviews with Development and Project Teams
- Create/develop security related configurations in Cloudflare
- Build and craft bot detection and mitigation capabilities
- Provide future strategic and tactical plans which affect application security environments and initiatives
- Advise platform operations team on public cloud (AWS/Azure) security configurations that may affect application security
- Incident Response and Analysis (50%)
- Perform log and event analysis on large amounts of web and mobile application traffic to websites and develop trend reports in effort to correlate suspicious activity and patterns.
- Collaborate with internal teams to implement mitigation strategies to stop automated website attacks.
- Lead incident response when involving bot attacks and application fraud
- Provide easily consumable but detailed evidence for all actions taken.
Bachelor's degree preferred and/or combination or prior work experience in the field of information security
Experience
- 4+ years related experience in the field of information security
- 4+ of software development experience
- 1+ years of work experience in application security
- Prior Retail Technology experience (preferred)
- Prior Quick Service Restaurant experience, a plus.
- Extensive knowledge of Cloudflare and/or Imperva, Akamai Web Application Firewall configuration and management
- Experience with software vulnerability scanning tools
- Experience with web application vulnerability scanning tools
- Expert Python Scripting, Perl, Shell scripting. Development experience in C++, Java, Java Script.
- Excellent experience with Regular Expressions
- Solid understanding of web applications, web servers, application firewalls, frameworks and protocols with respect to web application development, deployment, and operation
- Extensive knowledge of web technologies and concepts
- Strong understanding of TCP/IP, web protocols and networking concepts
- Experience in reviewing and analyzing log files and data correlation
- Excellent logical and practical understanding of SDLC
- Awareness of DevOps and Agile principles
- Experience with managing Web/Application Servers
- Scripting/programming using Python
- Excellent understanding and hands on experience with Java and/or .NET technologies
- Excellent knowledge of open source and commercial application security tools and frameworks, including but not limited to Kali Web application testing tools
- Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks.
- Excellent understanding of OWASP Risks, Vulnerabilities and Mitigation Mechanisms
- Experience with Web Application Firewall management and rules
- Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework etc.)
- Excellent understanding of DDoS techniques and mitigation mechanisms
- Experience with public cloud (e.g., Azure, AWS, GCP)
- Ability to work well under pressure and have great organizational and interpersonal skills.
- Skills to be consistently updated based on new software development and hardware technologies.
- Ability to meet specific deadlines and work under pressure.
- Experience with credit card and rewards program technologies
- Word processing, spreadsheet technologies, presentation skills and database experience are necessary.
- Ability to rotate "on call" for technical or service challenges which have been escalated beyond our helpdesk(s) regarding store down, critical call assistance or company user request assistance required. The rotation requires work during non-corporate business hours including nights and weekends.
- Must be available for job-related light travel.