Key skills
CDN securityAkamaiCloudflareFastlyAWS CloudFrontWeb Application Firewall (WAF) managementBot mitigation policiesDDoS mitigation strategiesCDN security event log analysisPython scriptingBash scriptingInfrastructure-as-Code (Terraform)Container securityKubernetes hardeningCI/CD pipeline securitySIEM toolsThreat intelligence platformsCompliance frameworks SOC 2Compliance frameworks ISO 27001Compliance frameworks PCI-DSSAPI security gatewaysGraphQL API securityREST API securityE-commerce securityThreat modelingContent Security Policy (CSP)Subresource Integrity (SRI)Browser-side attack detectionarticulate trade-offs between security posturebusiness impactPythonBashAnalyticsGraphQLAWSAzureTerraformKubernetesCloudFormationCloudFrontCDNCI/CDOWASPCloud SecurityWAFFirewall
About this role
ALO is a company dedicated to mindful movement and improving the lives of individuals and communities. They are seeking a highly skilled Platform Security Engineer to enhance their edge and application security across high-traffic e-commerce and digital platforms, focusing on CDN security, DDoS mitigation, and cloud infrastructure security.
Responsibilities:
- Own the full lifecycle of CDN security configuration across enterprise platforms (Akamai, Cloudflare, Fastly, or equivalent), including origin shield, TLS/SSL policy, and traffic routing
- Design, implement, and continuously tune Web Application Firewall rule sets—including OWASP Core Rule Set customization, rate limiting, geo-restrictions, and virtual patching for emerging vulnerabilities
- Lead DDoS mitigation strategy and incident response for both volumetric (L3/L4) and application-layer (L7) attacks; develop runbooks, define thresholds, and coordinate with CDN vendors during active events
- Configure and manage botmanagement platforms (e.g., Akamai Bot Manager, Cloudflare Bot Management, DataDome, or equivalent), including policy creation, bot classification logic, CAPTCHA challenge rules, and false-positive tuning
- Analyze CDN traffic logs, security dashboards, and threat intelligence feeds to identifyanomalous patterns, emerging attack campaigns, and opportunities to harden edge policies proactively
- Develop and maintainrate limiting, IP reputation management, and client fingerprinting policies to defend against credential stuffing, scraping, account takeover, and API abuse
- Partner with CDN and security vendors on escalated threat investigations, platform capabilities, and contract/SLA management
- Architect and enforce security standards across cloud platforms (AWS, Azure)
- Integrate security into CI/CD pipelines and automate compliance and configuration checks using Infrastructure-as-Code (Terraform, CloudFormation)
- Conduct vulnerability assessments, penetration tests, and respond to security incidents promptly and thoroughly
- Manage privileged access and enforce least-privilege principles; implement identity security measures for multi-cloud environments
- Collaborate with DevOps and engineering teams to embed security into platform design from the ground up
Requirements:
- Bachelor's degree in Computer Science, Information Security, or related field (or equivalent practical experience)
- 5+ years in platform security, cloud security, or edge security roles, with a minimum of 3 years in a hands-on CDN security capacity
- Deep, demonstrable expertise with enterprise CDN platforms such as Akamai, Cloudflare, Fastly, or AWS CloudFront, including:
- Writing, deploying, and tuning custom WAF rules and managed rule groups
- Configuring and managing bot mitigation policies, bot scoring thresholds, and challenge/block actions
- Designing and executing DDoS mitigation strategies for both volumetric and application-layer attacks
- Analyzing CDN security event logs and traffic analytics to identify and respond to threats in real time
- Proven experience supporting high-traffic, revenue-critical websites and securing large-scale distributed systems where availability and integrity are non-negotiable
- Ability to articulate trade-offs between security posture and business impact (e.g., false positive rates, latency, user experience) when configuring CDN edge policies
- Proficiency in scripting languages (Python, Bash) for automating CDN policy management, log analysis, and alerting
- Experience with Infrastructure-as-Code tools (Terraform) for managing CDN and cloud security configurations
- Experience with container security, Kubernetes hardening, and CI/CD pipeline security
- Familiarity with SIEM tools, threat intelligence platforms, and compliance frameworks (SOC 2, ISO 27001, PCI-DSS)
- Experience with API security gateways and securing GraphQL/REST APIs at the edge
- Background in e-commerce security, retail, or DTC (direct-to-consumer) environments with high seasonal traffic spikes
- Experience with threat modeling for web application architectures and CDN-integrated platforms
- Familiarity with client-side security standards such as Content Security Policy (CSP), Subresource Integrity (SRI), and browser-side attack detection
- CDN or security vendor certifications (e.g., Akamai Certified Professional, Cloudflare Certified, AWS Security Specialty)