Senior Security Engineer – Web Application & Network Protection (C2H)

Blue Star Partners LLC

Columbus, OH

JOB DETAILS
SALARY
$70–$79 Per Hour
SKILLS
(XSS) Cross Site Scripting, Analysis Skills, Application Programming Interface (API), Applications Security, Authentication, Automation, CISSP - Certified Information Systems Security Professional, Cloud Applications, Cloud Computing, Computer Security, Consulting, Content Delivery Network (CDN), Continuous Deployment/Delivery, Continuous Integration, Cryptography, DNS (Domain Name System), Denial of Service (DoS), Enterprise Applications, F5 Network Software, Firewalls, GIAC - Global Information Assurance Certification, Geolocation, Git, Hunting, Identify Issues, Incident Response, Injections, International Information Systems Security Certification Consortium (ISC)2, Internet Application, Internet Security, Machine Tool, Multiplatform/Cross-Platform, NAT (Network Address Translation), Network Administration/Management, Network Routing, Network Security, Network Support, On Call, Onboarding, Operational Improvement, Operational Strategy, Operational Support, Operations Processes, Operations Security (OPSEC), Problem Solving Skills, Python Programming/Scripting Language, REST (Representational State Transfer), Reporting Dashboards, Risk Management, Root Cause Analysis, SQL (Structured Query Language), SSL-TLS (Secure Socket Layer - Transport Layer Security), Scripting (Scripting Languages), Security Analysis, Security Architecture, Security Attacks, Security Infrastructure, Security Monitoring, Software Administration, Systems Administration/Management, Team Player, Traffic Shaping, VPN (Virtual Private Network)
LOCATION
Columbus, OH
POSTED
1 day ago

Job Title: Senior Security Engineer – Web Application & Network Protection (Contract to Hire)
Location: Columbus, OH (Local Candidates only)
Rate: $70–$79/hour
Work Model: Hybrid (Onsite Tuesday–Thursday, Remote Monday & Friday)
Contract Length: July 27, 2026 – July 26, 2027
Extension / Conversion: Contract-to-Hire
Employment Type: W-2 Only
Work Authorization: U.S. Citizens Only | Green Card holders also eligible; no visa sponsorship available

Position Overview

We are seeking an experienced Senior Security Engineer – Web Application & Network Protection to lead the design, implementation, and support of enterprise web application and network security solutions. This role is responsible for protecting internet-facing applications and critical enterprise services through a combination of web application firewall (WAF) technologies, API security, bot protection, DDoS mitigation, and network security controls.

The ideal candidate brings a strong mix of application security, network security, cloud security, and automation experience, with hands-on expertise supporting technologies such as F5 Distributed Cloud WAF, Palo Alto Networks firewalls, and secure remote access platforms. This individual will partner across security, infrastructure, networking, cloud, and application teams to strengthen enterprise defenses, improve operational efficiency, and support secure onboarding of business-critical applications.

This is a strong fit for a cybersecurity engineer who is equally comfortable with security architecture, operational support, incident response, automation, and stakeholder collaboration in a modern enterprise environment.

Key Responsibilities

Web Application Security

  • Administer and support the F5 Distributed Cloud (XC) WAF platform.
  • Deploy, configure, and maintain WAF policies, signatures, and security controls for internet-facing applications.
  • Configure and optimize protections related to:
    • API Protection
    • Bot Defense / Bot Management
    • DDoS Mitigation
    • Geolocation Policies
    • Rate Limiting
    • CAPTCHA Challenges
  • Investigate and tune false positives to balance protection with business usability.
  • Perform application onboarding into WAF services and support secure rollout of web-facing applications.
  • Conduct policy reviews and continuous optimization of WAF protections.
  • Support investigation and response activities related to web application attacks and anomalous traffic.

Application Security

  • Apply strong understanding of common web and API threats, including:
    • OWASP Top 10
    • Authentication attacks
    • API abuse
    • Credential stuffing
    • Session hijacking
    • Cross-Site Scripting (XSS)
    • SQL Injection
    • SSRF
    • CSRF
  • Review application architectures and recommend improvements to strengthen security posture.
  • Partner with development and engineering teams during application onboarding, remediation, and troubleshooting.
  • Help ensure secure design considerations are integrated into enterprise application delivery and support processes.

Network Security

  • Administer and support key network security technologies, including:
    • Palo Alto Networks NGFW
    • Prisma Access
    • Site-to-site VPNs
    • SSL decryption
    • NAT and security policies
    • Network segmentation
  • Support DNS and routing troubleshooting related to protected applications and network flows.
  • Assist with production security incidents and operational support activities.
  • Participate in an on-call rotation as needed to support enterprise services and incident response.

Cloud, Automation & DevSecOps

  • Develop and maintain automation solutions using:
    • Python
    • REST APIs
    • Terraform
    • Git
  • Automate repetitive operational tasks to improve consistency, scalability, and efficiency.
  • Build dashboards, reporting, and visibility tools to help monitor security posture and operational performance.
  • Support DevSecOps and CI/CD practices by partnering with engineering teams to embed security into deployment pipelines and operational processes.
  • Contribute to secure infrastructure and application delivery practices across cloud and containerized environments.

Security Operations & Continuous Improvement

  • Participate in:
    • Incident response
    • Threat hunting
    • Security assessments
    • Vulnerability remediation
    • Root cause analysis
    • Architecture reviews
  • Support identification and remediation of vulnerabilities affecting web applications, APIs, and network security infrastructure.
  • Contribute to ongoing enhancement of detection, prevention, and response capabilities.
  • Provide recommendations to improve operational security controls, reduce risk, and strengthen enterprise resilience.

Day-to-Day Responsibilities

  • Administer and tune WAF, API security, bot protection, and DDoS controls for enterprise applications.
  • Onboard applications into F5 Distributed Cloud WAF and coordinate with application teams on requirements and troubleshooting.
  • Review alerts, investigate suspicious activity, and respond to web application or network security incidents.
  • Manage Palo Alto firewall policies, Prisma Access configurations, VPNs, and related network security controls.
  • Support false positive analysis and policy optimization across application security tools.
  • Develop scripts and automation to improve security operations and reduce manual effort.
  • Collaborate with developers, infrastructure engineers, network teams, and security stakeholders to improve protections and resolve issues.
  • Participate in architecture reviews, security assessments, and remediation planning.

Required Qualifications

  • 7+ years of experience in cybersecurity engineering, with strong focus on web application security, network security, or cloud security.
  • Hands-on experience administering and supporting web application firewall (WAF) technologies in an enterprise environment.
  • Experience with F5 Distributed Cloud (XC) WAF or comparable advanced WAF platforms.
  • Strong understanding of:
    • Web application attacks
    • API security threats
    • Bot mitigation
    • DDoS protection
    • Authentication and session-related attack patterns
  • Experience supporting Palo Alto Networks security technologies, including NGFW and/or Prisma Access.
  • Experience with network security concepts such as VPNs, SSL decryption, NAT, segmentation, DNS, and routing troubleshooting.
  • Experience with automation and scripting using Python, REST APIs, Terraform, and Git.
  • Familiarity with DevSecOps and CI/CD pipelines.
  • Strong incident response, troubleshooting, and problem-solving skills.
  • Ability to work across infrastructure, cloud, networking, development, and security teams in a collaborative environment.

Preferred Qualifications

  • Experience with:
    • Bot Management
    • API Security
    • DDoS Protection
    • CDN technologies
    • Kubernetes
    • Containers
    • Terraform
    • DevSecOps
    • CI/CD pipelines
  • Experience building security dashboards, posture reporting, or automation tooling.
  • Familiarity with secure cloud-native application delivery and modern edge security architectures.
  • Experience in regulated, utility, or large enterprise environments is a plus.

Preferred Certifications

  • OWASP Foundation certifications
  • ISC2 CISSP
  • GIAC certifications
  • F5 certifications
  • Palo Alto Networks certifications

Core Competencies

  • Web Application Security
  • WAF Administration
  • API Security
  • Bot Management
  • DDoS Mitigation
  • Network Security
  • Palo Alto Networks
  • Prisma Access
  • Cloud Security
  • DevSecOps
  • Security Automation
  • Incident Response

Ideal Candidate Profile

The ideal candidate is a hands-on senior cybersecurity engineer with strong expertise in securing internet-facing applications and enterprise network environments. They are comfortable working across WAF platforms, firewalls, APIs, automation, and cloud-connected services, and they know how to balance operational support with strategic improvements to security posture. This person is proactive, technically deep, and effective at partnering across teams to protect critical enterprise services.

Additional Notes

  • This is a contract-to-hire opportunity.
  • The role requires a hybrid onsite schedule in Columbus, OH.
  • Candidates must be authorized to work in the United States now and in the future without sponsorship.

About the Company

B

Blue Star Partners LLC