Security Operations Lead; Web & API Defense

Security Operations Lead (Web & API Defense)

Join to apply for the Security Operations Lead (Web & API Defense) role at LABUR

• Real-Time Traffic Analysis:
  Actively monitor and tune the Web Application Firewall (WAF) to identify and block sophisticated Layer 7 attacks, including SQL injection, Cross-Site Scripting (XSS), and automated bot campaigns targeting transaction portals.
• Custom Rule Development:
  Design, test, and deploy custom WAF rules (Regex, Rate Limiting, Geo-blocking) to mitigate emerging threats specifically identified during the transaction period.
• API Protection:
  Secure transaction-related APIs by enforcing schema validation, authentication checks, and monitoring for broken object-level authorization (BOLA) attempts.
• False Positive Mitigation:
  Continuously coordinate to refine WAF policies to ensure legitimate transaction traffic from partners and stakeholders is not disrupted while maintaining a high security posture.
• Bot Strategy & Classification:
  Implement and manage bot detection policies to distinguish between “Good Bots” (Search engines, partner scrapers) and “Bad Bots” (Scr, credential stuffing tools, and automated deal-interers).
• Credential Stuffing Prevention:
  Deploy specific defenses to protect login and transaction endpoints from automated brute-force attacks aimed at compromising deal-team accounts.
• Targeted Threat Modeling:
  Conduct rapid threat modeling for applications involved in the deal close to identify high-risk data egress points.
• Urgent Remediation Oversight:
  Prioritize and track the remediation of “Critical” and “High” vulnerabilities in internet-facing applications, coordinating directly with dev teams, akamai vendor etc. for emergency patching.
• L7 Incident Lead:
  Serve as the primary onsite expert for application-level security incidents, coordinating with the SOC to correlate WAF logs with SIEM alerts.
• DDoS Readiness:
  Oversee the configuration and readiness of DDoS mitigation services to ensure application availability during peak transaction windows.
• Behavioral Analysis:
  Utilize behavioral fingerprinting and telemetry to identify and mitigate headless browsers and sophisticated human-mimicking bots that bypass traditional IP-based blocking.

• 6+ Years of
  
  Experience:
  
  Proven track record in Information Security, with at least 5 years specifically focused on Application Security Operations and WAF Management.
• WAF & Bot Expertise:
  Deep technical hands‑on experience with enterprise‑grade WAF/Bot platforms (e.g., AWS WAF Bot Control, Akamai Bot Manager, or Cloudflare Bot Management).
• Bot Countermeasures:
  Expertise in advanced fingerprinting techniques, including TLS fingerprinting, device , and behavioral velocity checks.
• Web Architecture Mastery:
  Comprehensive understanding of HTTP/S protocols, SSL/TLS, and how bot management impacts SEO and legitimate partner API integrations.
• Defense & Ops:
  Advanced proficiency in analyzing WAF logs and using SIEM tools to differentiate between “background noise” and targeted application attacks.
• Vulnerability Management:
  Expertise in correlating DAST/Penetration Test results with WAF “Virtual Patching” capabilities to provide immediate protection before code‑level fixes are deployed.
• Preferred – Cloud Security:
  Strong knowledge of AWS Security Groups, Shield, and Network ACLs to provide a multi‑layered defense‑in‑depth strategy.
• Certifications:
  
  Possession of the CISSP is highly preferred. Specialist certifications such as CASE (Certified Application Security Engineer) or vendor‑specific WAF certifications are a significant plus.

Mid‑Senior level

Contract

Management and Manufacturing

IT Services and IT Consulting