Sr. Application Security Specialist

Description and Requirements

Role Value Proposition:

This role serves as a key member of the Application Protection team. The candidate will be part of a team that maintains responsibility for life cycle management of application Distributed Denial of Service (DDoS), Bot Mitigation, and Web Application Firewall (WAF) application defense capabilities. Life cycle management includes such tasks as; identification and selection of applications, overseeing the onboarding, configuration, and deployment of service, overseeing upgrades, operations, and reporting. A highly sought candidate for this role will be dynamic and initiative-taking, possess a passion for application security, enjoy solving complex problems, enjoy sharing knowledge with others, excel under pressure, and constantly look for opportunities for team and personal improvement. Candidate must have a strong understanding of application security, especially Akamai.

Key Responsibilities:Ownership of application defense services - Ensure all new services are reviewed and included in network protection controls.Monitor/be aware of new DDoS and cybersecurity threats and regular review of controls to maintain effectiveness.Coordinate engineering teams' efforts in remediating or mitigating identified issues.Guide engineering peers and other counterparts on policies, procedures, and operational concerns regarding WAF configurations and migrated applications.Provide design, implementation, and migration support for moving applications behind a WAF.Make recommendations to transition applications from monitoring to blocking in WAF security policy.Perform attack signature analysis and recommendations, and policy exception processing.Provide guidance to customers on application security configuration, security protocols, and defensive security response.Assist customers with onboarding and provisioning applications/websites in application defense systems.Work with responsible teams to develop reporting to show the effectiveness of controls.Operating issue resolution, documenting actions in the ticketing system, knowledge base, or document storage location, and engaging vendor support as required.Ability to liaise and engage with stakeholders / technical teams, cross-functional teams, and project staff.Establish yourself as a trusted security advisor internally and externally.Appropriately manage time and customer issues based on issue severity and business needs.Support individuals/teams working on projects to ensure alignment with overall security goals.Keep abreast of new and emerging technologies, perform evaluation, and make recommendations to leadership for incorporation into architectural vision.Evaluate existing and/or proposed infrastructure solutions for compliance with security standards, and provide recommendations and approval as required.Provides informal assistance such as technical guidance, and/or training to coworkers.Essential Business Experience and Technical Skills:

Required:

5+ years of information security applications and systems experience including experience documenting, implementing, and supporting one or more of the following enterprise-level products: DDoS protection solutions, WAF solutions, and/or application security solutions.Information security/technology applications and systems experienceExperience troubleshooting and investigating operational issues related to Akamai.Must have a background in Security / Vulnerability engineering.Ability to proficiently use relevant tools and technologies for DDoS, WAF, and Bot detection and mitigation.Experience with Web Application Firewalls (WAF), and Bot MonitoringAdvanced knowledge of IT architecture standards and governance.Preferred:

Bachelor's degree in computer science, Information Systems, IT Security, or 5+ additional years of related equivalent work experience instead of a degree is required.Knowledge of the PCI framework, App Architecture, and Akamai.In-depth knowledge of modern enterprise and security architectures, their challenges, common approaches to overcome their challenges, and their inherent security strengths and weaknesses.Experience leading initiatives in a global environment extending across multiple countries and time zones.Ability to prioritize work, meet deadlines, achieve goals, and work under pressure in a complex environment with moderate supervision.Knowledge and understanding of Power BI reporting.Frequent contact with customers, contractors, and other internal teams to assess, resolve, and work through complex requirements and issues.Candidate is considered an SME in DDoS mitigation technologies (cloud, network, CPE), merging global operational support (on-net, off-net, CPE-based products), and countermeasure experience (vendor-specific, rate limiting, etc.).Excellent incident reporting skills are desired; a forensics background is a plus. The ability to provide consulting, policy reviews, training, security audits, and advisories, as well as support for malware/DDoS attacks, internal compromises, and other malicious events will be part of this skill set.

At MetLife, we're leading the global transformation of an industry we've long defined. United in purpose, diverse in perspective, we're dedicated to making a difference in the lives of our customers.

Benefits We Offer

Our U.S. benefits address holistic well-being with programs for physical and mental health, financial wellness, and support for families. We offer a comprehensive health plan that includes medical/prescription drug and vision, dental insurance, and no-cost short- and long-term disability. We also provide company-paid life insurance and legal services, a retirement pension funded entirely by MetLife and 401(k) with employer matching, group discounts on voluntary insurance products including auto and home, pet, critical illness, hospital indemnity, and accident insurance, as well as Employee Assistance Program (EAP) and digital mental health programs, parental leave, volunteer time off, tuition assistance and much more

About MetLifeRecognized on Fortune magazine's list of the 2023 "World's Most Admired Companies" as well as the 2023 Fortune 100 Best Companies to Work For , MetLife , through its subsidiaries and affiliates, is one of the world's leading financial services companies; providing insurance, annuities, employee benefits and asset management to individual and institutional customers. With operations in more than 40 markets, we hold leading positions in the United States, Latin America, Asia, Europe, and the Middle East.

Our purpose is simple - to help our colleagues, customers, communities, and the world at large create a more confident future. United by purpose and guided by empathy, we're inspired to transform the next century in financial services. At MetLife, it's #AllTogetherPossible . Join us

Equal Employment Opportunity/Disability/Veterans

If you need an accommodation due to a disability, please email us at accommodations@metlife.com. This information will be held in confidence and used only to determine an appropriate accommodation for the application process.

MetLife maintains a drug-free workplace. #J-18808-Ljbffr