Job Title: Platform Engineer – DevSecOps & Defensive Security

Location: Gurgaon, India

Experience: Minimum 7 years in DevOps/DevSecOps with SecOps exposure

Job Role Overview:

We are seeking a Platform Engineer with a solid background in DevOps and DevSecOps, and hands-on expertise in defensive security, including Web Application Firewalls (WAFs), IDS/IPS, API protection, account takeover defense, and content protection.

This role focuses on edge and application-layer security, with collaboration across Information Security, DevOps, Digital Experience, and Platform teams to enhance protections for modern web and API services.

Key Responsibilities:

• Design and manage security features for public-facing web and API infrastructure.
• Configure and maintain WAF and IDS/IPS to detect and mitigate threats.
• Implement API security measures including endpoint discovery, schema validation, rate limiting, and anomaly detection.
• Build controls against ATO and credential stuffing via behavioral analysis.
• Enable scraping prevention and sensitive content protection strategies.
• Integrate security into CI/CD workflows to enforce secure deployment.
• Monitor alerts from edge security platforms and tune rules proactively.
• Participate in threat modeling and post-incident response.
• Automate and maintain visibility into edge protections using scripting tools.
• Maintain documentation for security processes, configurations, and runbooks.

Required Skills & Experience:

• 7+ years in SecOps with focus on DevSecOps and Security Engineering.
• Deep hands-on experience with:
  • WAFs, IDS/IPS systems
  • API security and bot detection
  • Abuse prevention and rate limiting strategies
• Proficiency with CI/CD, scripting (Python/Bash), and IaC (Terraform).
• Strong understanding of HTTP/S, TLS, DNS, CDN, and app-layer attack patterns.
• Familiarity with SIEM/logging systems and production support workflows.

Preferred / Nice-to-Have Skills:

• Experience with Akamai Security Suite (Kona WAF, Account/Content Protector, Bot Manager, API Security).
• Experience with Cloudflare Enterprise Security (WAF, Bot Management, API Gateway).
• Edge defense knowledge (DDoS protection, geo/IP access control, reverse proxy).
• Security certifications: OSCP, CEH, GIAC, CISSP, or equivalent.

Soft Skills:

• Strong communicator across engineering and security teams.
• Clear understanding of security tradeoffs and risk.
• Self-starter with a secure-by-default mindset.
• Agile-ready and experienced in high-compliance or high-scale environments.

Why This Role Matters:

This role sits at the intersection of platform engineering and application-layer defense. You will help protect the organization’s most critical digital assets by building scalable, proactive security controls that operate at the edge, in real time, and under modern threat conditions.