Own the full lifecycle of CDN security configuration across enterprise platforms (Akamai, Cloudflare, Fastly, or equivalent), including origin shield, TLS/SSL policy, and traffic routing.
Design, implement, and continuously tune Web Application Firewall (WAF) rule sets, including OWASP Core Rule Set customization, rate limiting, geo-restrictions, and virtual patching for emerging vulnerabilities.
Lead DDoS mitigation strategy and incident response for both volumetric (L3/L4) and application-layer (L7) attacks; develop runbooks, define thresholds, and coordinate with CDN vendors during active events.
Configure and manage bot management platforms (e.g., Akamai Bot Manager, Cloudflare Bot Management, DataDome, or equivalent), including policy creation, bot classification logic, CAPTCHA challenge rules, and false-positive tuning.
Analyze CDN traffic logs, security dashboards, and threat intelligence feeds to identify anomalous patterns, emerging attack campaigns, and opportunities to harden edge policies proactively.
Develop and maintain rate limiting, IP reputation management, and client fingerprinting policies to defend against credential stuffing, scraping, account takeover, and API abuse.
Partner with CDN and security vendors on escalated threat investigations, platform capabilities, and contract/SLA management.
Cloud Platform & Infrastructure Security
Architect and enforce security standards across cloud platforms (AWS, Azure).
Integrate security into CI/CD pipelines and automate compliance and configuration checks using Infrastructure-as-Code (Terraform, CloudFormation).
Conduct vulnerability assessments and penetration tests, and respond to security incidents promptly and thoroughly.
Manage privileged access and enforce least-privilege principles; implement identity security measures for multi-cloud environments.
Collaborate with DevOps and engineering teams to embed security into platform design from the ground up.
Qualifications
Bachelor's degree in Computer Science, Information Security, or related field (or equivalent practical experience).
5+ years in platform security, cloud security, or edge security roles, with a minimum of 3 years in a hands-on CDN security capacity.
Deep, demonstrable expertise with enterprise CDN platforms such as Akamai, Cloudflare, Fastly, or AWS CloudFront, including:
Writing, deploying, and tuning custom WAF rules and managed rule groups.
Configuring and managing bot mitigation policies, bot scoring thresholds, and challenge/block actions.
Designing and executing DDoS mitigation strategies for both volumetric and application-layer attacks.
Analyzing CDN security event logs and traffic analytics to identify and respond to threats in real time.
Proven experience supporting high-traffic, revenue-critical websites and securing large-scale distributed systems where availability and integrity are non-negotiable.
Ability to articulate trade-offs between security posture and business impact (e.g., false positive rates, latency, user experience) when configuring CDN edge policies.
Proficiency in scripting languages (Python, Bash) for automating CDN policy management, log analysis, and alerting.
Experience with Infrastructure-as-Code tools (Terraform) for managing CDN and cloud security configurations.
Experience in container security, Kubernetes hardening, and CI/CD pipeline security.
Familiarity with SIEM tools, threat intelligence platforms, and compliance frameworks (SOC 2, ISO 27001, PCI-DSS).