Job Description
Job Title: Senior Security Engineer – Web Application & Network Protection (Contract to Hire)
Location: Columbus, OH
Rate: $70–$79/hour
Work Model: Hybrid (Onsite Tuesday–Thursday, Remote Monday & Friday)
Contract Length: July 27, 2026 – July 26, 2027
Extension / Conversion: Contract-to-Hire
Employment Type: W-2 Only
Work Authorization: U.S. Citizens Only Green Card holders also eligible; no visa sponsorship availablePosition Overview
We are seeking an experienced Senior Security Engineer – Web Application & Network Protection to lead the design, implementation, and support of enterprise web application and network security solutions. This role is responsible for protecting internet-facing applications and critical enterprise services through a combination of web application firewall (WAF) technologies, API security, bot protection, DDoS mitigation, and network security controls.
The ideal candidate brings a strong mix of application security, network security, cloud security, and automation experience, with hands-on expertise supporting technologies such as F5 Distributed Cloud WAF, Palo Alto Networks firewalls, and secure remote access platforms. This individual will partner across security, infrastructure, networking, cloud, and application teams to strengthen enterprise defenses, improve operational efficiency, and support secure onboarding of business-critical applications.
This is a strong fit for a cybersecurity engineer who is equally comfortable with security architecture, operational support, incident response, automation, and stakeholder collaboration in a modern enterprise environment.Key ResponsibilitiesWeb Application Security
Administer and support the F5 Distributed Cloud (XC) WAF platform.
Deploy, configure, and maintain WAF policies, signatures, and security controls for internet-facing applications.
Configure and optimize protections related to:
API Protection
Bot Defense / Bot Management
DDoS Mitigation
Geolocation Policies
Rate Limiting
CAPTCHA Challenges
Investigate and tune false positives to balance protection with business usability.
Perform application onboarding into WAF services and support secure rollout of web-facing applications.
Conduct policy reviews and continuous optimization of WAF protections.
Support investigation and response activities related to web application attacks and anomalous traffic.Application Security
Apply strong understanding of common web and API threats, including:
OWASP Top 10
Authentication attacks
API abuse
Credential stuffing
Session hijacking
Cross-Site Scripting (XSS)
SQL Injection
SSRF
CSRF
Review application architectures and recommend improvements to strengthen security posture.
Partner with development and engineering teams during application onboarding, remediation, and troubleshooting.
Help ensure secure design considerations are integrated into enterprise application delivery and support processes.Network Security
Administer and support key network security technologies, including:
Palo Alto Networks NGFW
Prisma Access
Site-to-site VPNs
SSL decryption
NAT and security policies
Network segmentation
Support DNS and routing troubleshooting related to protected applications and network flows.
Assist with production security incidents and operational support activities.
Participate in an on-call rotation as needed to support enterprise services and incident response.Cloud, Automation & DevSecOps
Develop and maintain automation solutions using:
Python
REST APIs
Terraform
Git
Automate repetitive operational tasks to improve consistency, scalability, and efficiency.
Build dashboards, reporting, and visibility tools to help monitor security posture and operational performance.
Support DevSecOps and CI/CD practices by partnering with engineering teams to embed security into deployment pipelines and operational processes.
Contribute to secure infrastructure and application delivery practices across cloud and containerized environments.Security Operations & Continuous Improvement
Participate in:
Incident response
Threat hunting
Security assessments
Vulnerability remediation
Root cause analysis
Architecture reviews
Support identification and remediation of vulnerabilities affecting web applications, APIs, and network security infrastructure.
Contribute to ongoing enhancement of detection, prevention, and response capabilities.
Provide recommendations to improve operational security controls, reduce risk, and strengthen enterprise resilience.Day-to-Day Responsibilities
Administer and tune WAF, API security, bot protection, and DDoS controls for enterprise applications.
Onboard applications into F5 Distributed Cloud WAF and coordinate with application teams on requirements and troubleshooting.
Review alerts, investigate suspicious activity, and respond to web application or network security incidents.
Manage Palo Alto firewall policies, Prisma Access configurations, VPNs, and related network security controls.
Support false positive analysis and policy optimization across application security tools.
Develop scripts and automation to improve security operations and reduce manual effort.
Collaborate with developers, infrastructure engineers, network teams, and security stakeholders to improve protections and resolve issues.
Participate in architecture reviews, security assessments, and remediation planning.Required Qualifications
7+ years of experience in cybersecurity engineering, with strong focus on web application security, network security, or cloud security.
Hands-on experience administering and supporting web application firewall (WAF) technologies in an enterprise environment.
Experience with F5 Distributed Cloud (XC) WAF or comparable advanced WAF platforms.
Strong understanding of:
Web application attacks
API security threats
Bot mitigation
DDoS protection
Authentication and session-related attack patterns
Experience supporting Palo Alto Networks security technologies, including NGFW and/or Prisma Access.
Experience with network security concepts such as VPNs, SSL decryption, NAT, segmentation, DNS, and routing troubleshooting.
Experience with automation and scripting using Python, REST APIs, Terraform, and Git.
Familiarity with DevSecOps and CI/CD pipelines.
Strong incident response, troubleshooting, and problem-solving skills.
Ability to work across infrastructure, cloud, networking, development, and security teams in a collaborative environment.Preferred Qualifications
Experience with:
Bot Management
API Security
DDoS Protection
CDN technologies
Kubernetes
Containers
Terraform
DevSecOps
CI/CD pipelines
Experience building security dashboards, posture reporting, or automation tooling.
Familiarity with secure cloud-native application delivery and modern edge security architectures.
Experience in regulated, utility, or large enterprise environments is a plus.Preferred Certifications
OWASP Foundation certifications
ISC2 CISSP
GIAC certifications
F5 certifications
Palo Alto Networks certificationsCore Competencies
Web Application Security
WAF Administration
API Security
Bot Management
DDoS Mitigation
Network Security
Palo Alto Networks
Prisma Access
Cloud Security
DevSecOps
Security Automation
Incident ResponseIdeal Candidate Profile
The ideal candidate is a hands-on senior cybersecurity engineer with strong expertise in securing internet-facing applications and enterprise network environments. They are comfortable working across WAF platforms, firewalls, APIs, automation, and cloud-connected services, and they know how to balance operational support with strategic improvements to security posture. This person is proactive, technically deep, and effective at partnering across teams to protect critical enterprise services.Additional Notes
This is a contract-to-hire opportunity.
The role requires a hybrid onsite schedule in Columbus, OH.
Candidates must be authorized to work in the United States now and in the future without sponsorship.
Hybrid remote