- Location
- Kochi, Kerala, India
- Job type
- Full-time
Required skills
- Python
- SIEM
- PCI-DSS
- AWS
- Azure
- Bash
- CDN
- CloudFormation
- CloudFront
- compliance
- DevOps
- e-commerce
- firewall
- GraphQL
- incident response
- information security
- infrastructure-as-code
- IP
- Kubernetes
- SSL
- Terraform
- REST APIs
About the role
Litmus7
Website:
litmus7.com
Job details:
CDN, WAF & Edge Security (Primary Focus)
- Own the full lifecycle of CDN security configuration across enterprise platforms (Akamai, Cloudflare, Fastly, or equivalent), including origin shield, TLS/SSL policy, and traffic routing.
- Design, implement, and continuously tune Web Application Firewall rule sets including OWASP Core Rule Set customization, rate limiting, geo-restrictions, and virtual patching for emerging vulnerabilities.
- Lead DDoS mitigation strategy and incident response for both volumetric (L3/L4) and application-layer (L7) attacks; develop runbooks, define thresholds, and coordinate with CDN vendors during active events.
- Configure and manage Bot management platforms (e.g., Akamai Bot Manager, Cloudflare Bot Management, DataDome, or equivalent), including policy creation, bot classification logic, CAPTCHA challenge rules, and false-positive tuning.
- Analyze CDN traffic logs, security dashboards, and threat intelligence feeds to identify anomalous patterns, emerging attack campaigns, and opportunities to harden edge policies proactively.
- Develop and maintain rate limiting, IP reputation management, and client fingerprinting policies to defend against credential stuffing, scraping, account takeover, and API abuse.
- Partner with CDN and security vendors on escalated threat investigations, platform capabilities, and contract/SLA management.
Cloud Platform & Infrastructure Security
- Architect and enforce security standards across cloud platforms (AWS, Azure).
- Integrate security into CI/CD pipelines and automate compliance and configuration checks using Infrastructure-as-Code (Terraform, CloudFormation).
- Conduct vulnerability assessments, penetration tests, and respond to security incidents promptly and thoroughly.
- Manage privileged access and enforce least-privilege principles; implement identity security measures for multi-cloud environments.
- Collaborate with DevOps and engineering teams to embed security into platform design from the ground up.
Qualifications - Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent practical experience).
- 5+ years in platform security, cloud security, or edge security roles, with a minimum of 3 years in a hands-on CDN security capacity.
- Deep, demonstrable expertise with enterprise CDN platforms such as Akamai, Cloudflare, Fastly, or AWS CloudFront, including:
- Writing, deploying, and tuning custom WAF rules and managed rule groups.
- Configuring and managing bot mitigation policies, bot scoring thresholds, and challenge/block actions.
- Designing and executing DDoS mitigation strategies for both volumetric and application-layer attacks.
- Analyzing CDN security event logs and traffic analytics to identify and respond to threats in real time.
- Proven experience supporting high-traffic, revenue-critical websites and securing large-scale distributed systems where availability and integrity are non-negotiable.
- Ability to articulate trade-offs between security posture and business impact (e.g., false positive rates, latency, user experience) when configuring CDN edge policies.
- Proficiency in scripting languages (Python, Bash) for automating CDN policy management, log analysis, and alerting.
- Experience in Infrastructure-as-Code tools (Terraform) for managing CDN and cloud security configurations.
- Experience in container security, Kubernetes hardening, and CI/CD pipeline security.
- Familiarity with SIEM tools, threat intelligence platforms, and compliance frameworks (SOC 2, ISO 27001, PCI-DSS).
- CDN or security vendor certifications (e.g., Akamai Certified Professional, Cloudflare Certified, AWS Security Specialty).
- Experience with API security gateways and securing GraphQL/REST APIs at the edge.
- Background in e-commerce security, retail, or DTC (direct-to-consumer) environments with high seasonal traffic spikes.
- Experience in threat modeling for web application architectures and CDN-integrated platforms.
- Familiarity with client-side security standards such as Content Security Policy (CSP), Subresource Integrity (SRI), and browser-side attack detection.
Click on Apply to know more.
This page is fully interactive when JavaScript is enabled. Please enable JavaScript to apply or browse related roles.