MetLife · 5 days ago
Sr. Application Security Specialist
Wonder how qualified you are to the job?
Asset ManagementFinancial Services
Insider Connection @MetLife
Responsibilities
Ownership of application defense services - Ensure all new services are reviewed and included in network protection controls.
Monitor/be aware of new DDoS and cybersecurity threats and regular review of controls to maintain effectiveness.
Coordinate engineering teams’ efforts in remediating or mitigating identified issues.
Guide engineering peers and other counterparts on policies, procedures, and operational concerns regarding WAF configurations and migrated applications.
Provide design, implementation, and migration support for moving applications behind a WAF.
Make recommendations to transition applications from monitoring to blocking in WAF security policy.
Perform attack signature analysis and recommendations, and policy exception processing.
Provide guidance to customers on application security configuration, security protocols, and defensive security response.
Assist customers with onboarding and provisioning applications/websites in application defense systems.
Work with responsible teams to develop reporting to show the effectiveness of controls.
Operating issue resolution, documenting actions in the ticketing system, knowledge base, or document storage location, and engaging vendor support as required.
Ability to liaise and engage with stakeholders / technical teams, cross-functional teams, and project staff.
Establish yourself as a trusted security advisor internally and externally.
Appropriately manage time and customer issues based on issue severity and business needs.
Support individuals/teams working on projects to ensure alignment with overall security goals.
Keep abreast of new and emerging technologies, perform evaluation, and make recommendations to leadership for incorporation into architectural vision.
Evaluate existing and/or proposed infrastructure solutions for compliance with security standards, and provide recommendations and approval as required.
Provides informal assistance such as technical guidance, and/or training to coworkers.
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
5+ years of information security applications and systems experience including experience documenting, implementing, and supporting one or more of the following enterprise-level products: DDoS protection solutions, WAF solutions, and/or application security solutions.
Information security/technology applications and systems experience
Experience troubleshooting and investigating operational issues related to Akamai.
Must have a background in Security / Vulnerability engineering.
Ability to proficiently use relevant tools and technologies for DDoS, WAF, and Bot detection and mitigation.
Experience with Web Application Firewalls (WAF), and Bot Monitoring
Advanced knowledge of IT architecture standards and governance.
Preferred
Bachelor’s degree in computer science, Information Systems, IT Security, or 5+ additional years of related equivalent work experience instead of a degree is required.
Knowledge of the PCI framework, App Architecture, and Akamai.
In-depth knowledge of modern enterprise and security architectures, their challenges, common approaches to overcome their challenges, and their inherent security strengths and weaknesses.
Experience leading initiatives in a global environment extending across multiple countries and time zones.
Ability to prioritize work, meet deadlines, achieve goals, and work under pressure in a complex environment with moderate supervision.
Knowledge and understanding of Power BI reporting.
Frequent contact with customers, contractors, and other internal teams to assess, resolve, and work through complex requirements and issues.
Candidate is considered an SME in DDoS mitigation technologies (cloud, network, CPE), merging global operational support (on-net, off-net, CPE-based products), and countermeasure experience (vendor-specific, rate limiting, etc.).
Excellent incident reporting skills are desired; a forensics background is a plus. The ability to provide consulting, policy reviews, training, security audits, and advisories, as well as support for malware/DDoS attacks, internal compromises, and other malicious events will be part of this skill set.
Benefits
Medical/prescription drug and vision insurance
Dental insurance
Short- and long-term disability insurance
Company-paid life insurance and legal services
Retirement pension funded entirely by MetLife
401(k) with employer matching
Group discounts on voluntary insurance products
Employee Assistance Program (EAP) and digital mental health programs
Parental leave
Volunteer time off
Tuition assistance
Company
MetLife
MetLife is a provider of insurance, employee benefits, and financial services .
H1B Sponsorship
MetLife has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Trends of Total Sponsorships
2023 (61)
2022 (165)
2021 (96)
2020 (78)
Funding
Current Stage
Public CompanyTotal Funding
unknown2000-04-28IPO· fra:MWZ
Leadership Team
Recent News
Minneapolis / St. Paul Business Journal
2024-06-04
2024-06-01
bloomberglaw.com
2024-05-27
Company data provided by crunchbase