Post Job Free
Sign in

Senior Security Engineer - Web Application & Network Protection (C2H)

Company:
Blue Star Partners LLC
Location:
Columbus, OH
Pay:
70USD - 79USD per hour
Posted:
July 09, 2026
Apply

Description:

Job Description

Job Title: Senior Security Engineer – Web Application & Network Protection (Contract to Hire)

Location: Columbus, OH

Rate: $70–$79/hour

Work Model: Hybrid (Onsite Tuesday–Thursday, Remote Monday & Friday)

Contract Length: July 27, 2026 – July 26, 2027

Extension / Conversion: Contract-to-Hire

Employment Type: W-2 Only

Work Authorization: U.S. Citizens Only Green Card holders also eligible; no visa sponsorship availablePosition Overview

We are seeking an experienced Senior Security Engineer – Web Application & Network Protection to lead the design, implementation, and support of enterprise web application and network security solutions. This role is responsible for protecting internet-facing applications and critical enterprise services through a combination of web application firewall (WAF) technologies, API security, bot protection, DDoS mitigation, and network security controls.

The ideal candidate brings a strong mix of application security, network security, cloud security, and automation experience, with hands-on expertise supporting technologies such as F5 Distributed Cloud WAF, Palo Alto Networks firewalls, and secure remote access platforms. This individual will partner across security, infrastructure, networking, cloud, and application teams to strengthen enterprise defenses, improve operational efficiency, and support secure onboarding of business-critical applications.

This is a strong fit for a cybersecurity engineer who is equally comfortable with security architecture, operational support, incident response, automation, and stakeholder collaboration in a modern enterprise environment.Key ResponsibilitiesWeb Application Security

Administer and support the F5 Distributed Cloud (XC) WAF platform.

Deploy, configure, and maintain WAF policies, signatures, and security controls for internet-facing applications.

Configure and optimize protections related to:

API Protection

Bot Defense / Bot Management

DDoS Mitigation

Geolocation Policies

Rate Limiting

CAPTCHA Challenges

Investigate and tune false positives to balance protection with business usability.

Perform application onboarding into WAF services and support secure rollout of web-facing applications.

Conduct policy reviews and continuous optimization of WAF protections.

Support investigation and response activities related to web application attacks and anomalous traffic.Application Security

Apply strong understanding of common web and API threats, including:

OWASP Top 10

Authentication attacks

API abuse

Credential stuffing

Session hijacking

Cross-Site Scripting (XSS)

SQL Injection

SSRF

CSRF

Review application architectures and recommend improvements to strengthen security posture.

Partner with development and engineering teams during application onboarding, remediation, and troubleshooting.

Help ensure secure design considerations are integrated into enterprise application delivery and support processes.Network Security

Administer and support key network security technologies, including:

Palo Alto Networks NGFW

Prisma Access

Site-to-site VPNs

SSL decryption

NAT and security policies

Network segmentation

Support DNS and routing troubleshooting related to protected applications and network flows.

Assist with production security incidents and operational support activities.

Participate in an on-call rotation as needed to support enterprise services and incident response.Cloud, Automation & DevSecOps

Develop and maintain automation solutions using:

Python

REST APIs

Terraform

Git

Automate repetitive operational tasks to improve consistency, scalability, and efficiency.

Build dashboards, reporting, and visibility tools to help monitor security posture and operational performance.

Support DevSecOps and CI/CD practices by partnering with engineering teams to embed security into deployment pipelines and operational processes.

Contribute to secure infrastructure and application delivery practices across cloud and containerized environments.Security Operations & Continuous Improvement

Participate in:

Incident response

Threat hunting

Security assessments

Vulnerability remediation

Root cause analysis

Architecture reviews

Support identification and remediation of vulnerabilities affecting web applications, APIs, and network security infrastructure.

Contribute to ongoing enhancement of detection, prevention, and response capabilities.

Provide recommendations to improve operational security controls, reduce risk, and strengthen enterprise resilience.Day-to-Day Responsibilities

Administer and tune WAF, API security, bot protection, and DDoS controls for enterprise applications.

Onboard applications into F5 Distributed Cloud WAF and coordinate with application teams on requirements and troubleshooting.

Review alerts, investigate suspicious activity, and respond to web application or network security incidents.

Manage Palo Alto firewall policies, Prisma Access configurations, VPNs, and related network security controls.

Support false positive analysis and policy optimization across application security tools.

Develop scripts and automation to improve security operations and reduce manual effort.

Collaborate with developers, infrastructure engineers, network teams, and security stakeholders to improve protections and resolve issues.

Participate in architecture reviews, security assessments, and remediation planning.Required Qualifications

7+ years of experience in cybersecurity engineering, with strong focus on web application security, network security, or cloud security.

Hands-on experience administering and supporting web application firewall (WAF) technologies in an enterprise environment.

Experience with F5 Distributed Cloud (XC) WAF or comparable advanced WAF platforms.

Strong understanding of:

Web application attacks

API security threats

Bot mitigation

DDoS protection

Authentication and session-related attack patterns

Experience supporting Palo Alto Networks security technologies, including NGFW and/or Prisma Access.

Experience with network security concepts such as VPNs, SSL decryption, NAT, segmentation, DNS, and routing troubleshooting.

Experience with automation and scripting using Python, REST APIs, Terraform, and Git.

Familiarity with DevSecOps and CI/CD pipelines.

Strong incident response, troubleshooting, and problem-solving skills.

Ability to work across infrastructure, cloud, networking, development, and security teams in a collaborative environment.Preferred Qualifications

Experience with:

Bot Management

API Security

DDoS Protection

CDN technologies

Kubernetes

Containers

Terraform

DevSecOps

CI/CD pipelines

Experience building security dashboards, posture reporting, or automation tooling.

Familiarity with secure cloud-native application delivery and modern edge security architectures.

Experience in regulated, utility, or large enterprise environments is a plus.Preferred Certifications

OWASP Foundation certifications

ISC2 CISSP

GIAC certifications

F5 certifications

Palo Alto Networks certificationsCore Competencies

Web Application Security

WAF Administration

API Security

Bot Management

DDoS Mitigation

Network Security

Palo Alto Networks

Prisma Access

Cloud Security

DevSecOps

Security Automation

Incident ResponseIdeal Candidate Profile

The ideal candidate is a hands-on senior cybersecurity engineer with strong expertise in securing internet-facing applications and enterprise network environments. They are comfortable working across WAF platforms, firewalls, APIs, automation, and cloud-connected services, and they know how to balance operational support with strategic improvements to security posture. This person is proactive, technically deep, and effective at partnering across teams to protect critical enterprise services.Additional Notes

This is a contract-to-hire opportunity.

The role requires a hybrid onsite schedule in Columbus, OH.

Candidates must be authorized to work in the United States now and in the future without sponsorship.

Hybrid remote

Apply