Web Application Security Engineer

Position Overview

We are seeking an experienced Web Application Security Engineer to join our team in a unique purple team capacity. This role blends offensive penetration testing expertise with defensive blue‑team capabilities, focusing on securing our web applications and SD‑WAN network infrastructure. The successful candidate will conduct comprehensive security assessments of our web applications while strengthening our defensive posture across our complex proxy and reverse‑proxy architecture.

Core Responsibilities

Offensive Security (Penetration Testing)

Conduct thorough and methodical penetration tests against web applications, APIs, and network infrastructure. Identify security vulnerabilities via manual testing, automated scanning, and realistic attack scenarios, covering authentication, authorization, input validation, session management, and business logic flaws across our application portfolio.

Perform security assessments of our SD‑WAN infrastructure, emphasizing proxy configurations, reverse‑proxy implementations, SSL / TLS termination points, and web application firewalls.

Defensive Security (Blue Team Operations)

Monitor security events, analyze logs from WAFs and proxy infrastructure, and respond to incidents affecting web applications. Investigate suspicious activities, perform root‑cause analysis, and implement corrective measures. Tune and optimize security controls, including WAF rules, proxy access controls, rate‑limiting configurations, and DDoS mitigation strategies.

Purple Team Collaboration

Serve as a bridge between offensive and defensive teams. Design and execute purple‑team exercises to test detection capabilities and defensive controls. Ensure monitoring systems can detect post‑test attacks, creating detection rules and improving reliability. Facilitate knowledge transfer to help defenders understand attacker techniques.

Security Integration and Automation

Develop automation scripts and tools for vulnerability scanning, configuration auditing, and security report generation to streamline repetitive tasks.

Requirements

Required Qualifications

• Education : Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or related technical field; or equivalent practical experience.
• Experience : Minimum 3‑5 years of hands‑on web application penetration testing and security assessment.
• Technical Skills : Deep understanding of OWASP Top 10 vulnerabilities, common web application attack vectors, and remediation strategies.
• Network Security : Practical experience with SD‑WAN technologies, forward proxies, reverse proxies (Nginx, HAProxy, Apache), and load balancers.
• Security Tools : Proficiency with Burp Suite Professional, OWASP ZAP, Nmap, Metasploit, and vulnerability scanning platforms.
• Programming : Strong scripting abilities in Python, Bash, or PowerShell; familiarity with JavaScript, PHP, Java, or .NET for code review.
• Blue Team Skills : Experience with SIEM platforms, log analysis, incident response procedures, and threat hunting methodologies; experience configuring and tuning web application firewalls and deep packet inspections.

Preferred Qualifications

Experience with cloud security (AWS, Azure, alternative cloud environments), container security (Docker, Kubernetes), API security testing (REST, GraphQL, SOAP), and mobile application security. Prior purple‑team experience or demonstrated ability to work effectively across offensive and defensive security functions. Excellent written and verbal communication skills.

Benefits

Seniority Level

Mid‑Senior level

Employment Type

Full‑time

Job Function

Information Technology

Industries

IT Services and IT Consulting

#J-18808-Ljbffr