Cybersecurity Engineer - Application Security
Listed on 2026-06-02
IT/Tech
Cybersecurity, Systems Engineer, Security Manager
Job Description
The Cybersecurity group at KLA is involved in every aspect of the global business. The KLA Cybersecurity group defends against cyber-attacks and provides cybersecurity tools, incident response services and assessment capabilities to safeguard the environments that support the essential operations of KLA.
This role is responsible for the configuration, tuning, lifecycle management, and continuous improvement of our EDR and EPM tooling from a cybersecurity perspective, ensuring the platform is optimally deployed, deeply integrated with our broader security stack, and proactively evolving to address emerging threats.
You will partner closely with the SOC and IT Security teams to align detection capabilities with operational workflows, serving as the primary technical liaison.
Application & Web Security Platform Engineering
Support the design, configuration, and ongoing optimization of application and web security platforms, including WAF, API security, DAST/SAST tooling, RASP, and application-layer monitoring solutions.
Partner with application, DevOps, and platform teams to embed security controls into new and existing applications, ensuring security requirements are implemented pragmatically without disrupting delivery.
Define and maintain application security baselines, configuration standards, and control requirements aligned with industry best practices and KLA security architecture.
Ensure application and web security platforms integrate effectively with SIEM, SOAR, logging pipelines, and identity platforms to maximize security visibility and detection value.
Support the rollout of new security capabilities through structured project implementation, including requirements gathering, testing, validation, and operational handover.
Evaluate new tooling, features, and detection capabilities, leading proof‑of‑concept activities and supporting informed adoption decisions.
Monitor agent health, fleet coverage, and version compliance; manage agent lifecycle including upgrades, rollouts, and rollback procedures.
Detection Engineering & Security Visibility
Collaborate with SOC teams to develop, tune, and maintain application‑ and web‑layer detections mapped to MITRE ATT&CK techniques and real‑world attacker behaviors.
Improve detection fidelity by analyzing false positives, coverage gaps, and noisy signals across application logs, web telemetry, and API activity.
Ensure critical application security events are visible, actionable, and aligned with SOC workflows and incident response playbooks.
Assist with threat hunting activities focused on application abuse, web exploitation, authentication bypass, and API misuse using log analytics and behavioral signals.
Support post‑incident root cause analysis by correlating application telemetry, security alerts, and infrastructure data to identify control gaps and improvement opportunities.
Project Implementation & Stakeholder Support
Act as a cybersecurity engineering resource for application and platform projects, providing implementation guidance, security validation, and operational readiness support.
Work closely with engineering and delivery teams to translate security requirements into actionable technical controls.
Support security architecture initiatives by validating that implemented controls meet intended design and risk objectives.
Provide technical input into security risk assessments, application onboarding, and exception handling processes.
Produce and maintain technical documentation, including configuration standards, integration guides, and operational runbooks.
Troubleshooting & Interoperability
Identify and resolve complex integration and interoperability issues between application security tooling, logging platforms, CI/CD pipelines, and identity systems.
Support troubleshooting of detection gaps, data quality issues, and performance concerns impacting security visibility.
Serve as a technical escalation point for application security tooling issues, coordinating with vendors and internal platform owners.
Partner with IT, cloud, and application teams to ensure security tooling scales reliably across global environments.
Preferred Qualifications …