Application Security Engineer- WAF

Overview

As someone enthusiastic about securing a wide variety of applications, you are looking for an opportunity to learn about Application Security and contribute to an innovative and technology-oriented environment. As an Application Security Engineer at Esri, you will work with our team to secure Esri's intellectual property, networks, and sensitive data against a variety of complex threats, with support from all levels of leadership. We collaborate closely with the application development, DevSecOps, and information security departments to design security into our applications up front, perform application layer security testing, and assist developers with vulnerability remediation. We welcome you to join Esri, where you can make a real difference every day!

Responsibilities

• Create, deploy, maintain and troubleshoot Web Application Firewall (WAF) policies for existing and new web applications
• Monitor and analyze activity logs to detect malicious internet traffic and indicators of compromise as well as to reduce false positive blocks
• Review WAF usage and define means to improve and mature protection policies
• Collaborate closely with application developers to analyze findings and implement required remediations or countermeasures
• Help assess and calculate application risks, communicate your findings to stakeholders of varying technical skill levels
• Assist leadership with organization of ongoing work across the team, policy and documentation creation, and preparation of relevant metrics on findings and remediation activity for leadership
• Interpret web protocol information to determine source, intent, and risk of threats
• Provide operational support, troubleshoot and quickly resolve problems
• Create and maintain technical documentation regarding the WAF including network diagrams, policies and operational procedures for managing the infrastructure

Requirements

• 2+ years of relevant, full-time experience
• Thorough understanding of HTTP, TLS, DNS
• Knowledge of common web vulnerabilities, including those outlined in the OWASP Top 10, and how to mitigate them
• Familiarity with cloud infrastructure, network routing and basic infrastructure components
• Moderate understanding of JavaScript and its role in modern web applications
• Demonstrated ability to independently learn and adapt to new technologies
• Strong organizational skills and a detail-oriented approach
• Strong verbal and written communication and collaboration skills
• Bachelor's in Computer Science or related STEM field

Recommended Qualifications

• Hands-on experience using web application firewall solutions such as offerings from Akamai, AWS, F5, or Fortinet
• Experience using Splunk to analyze logs and detect malicious activity
• Proficiency in scripting languages such as JavaScript, Python, Bash, or PowerShell for automation
• Experience using APIs for automation, integration, or data analysis
• Familiarity with Git
• Understanding of common encoding and encryption schemes, and algorithms

#LI-TM1

#LI-Remote

Total Rewards

Esri's competitive total rewards strategy includes industry-leading health and welfare benefits: medical, dental, vision, basic and supplemental life insurance for employees (and their families), 401(k) and profit-sharing programs, minimum accrual of 80 hours of vacation leave, twelve paid holidays throughout the calendar year, and opportunities for personal and professional growth. Base salary is one component of our total rewards strategy. Compensation decisions and the base range for this role take into account many factors including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.

A reasonable estimate of the base salary range is

$73,840-$128,440 USD

The Company

At Esri, diversity is more than just a word on a map. When employees of different experiences, perspectives, backgrounds, and cultures come together, we are more innovative and ultimately a better place to work. We believe in having a diverse workforce that is unified under our mission of creating positive global change. We understand that diversity, equity, and inclusion is not a destination but an ongoing process. We are committed to the continuation of learning, growing, and changing our workplace so every employee can contribute to their life's best work. Our commitment to these principles extends to the global communities we serve by creating positive change with GIS technology. For more information on Esri's Racial Equity and Social Justice initiatives, please visit our website here.

If you don't meet all of the preferred qualifications for this position, we encourage you to still apply!

Esri is an equal opportunity employer (EOE) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law. If you need reasonable accommodation for any part of the employment process, please email and let us know the nature of your request and your contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this e-mail address.

Esri Privacy Esri takes our responsibility to protect your privacy seriously. We are committed to respecting your privacy by providing transparency in how we acquire and use your information, giving you control of your information and preferences, and holding ourselves to the highest national and international standards, including CCPA and GDPR compliance.