Job Description





The Senior Engineer, Application & API Security is a key member of the E-WAAP team and serves as a technical lead for our Akamai-based web and API security platform. You will:





+ Lead onboarding of new applications and APIs onto Akamai (WAF, CDN, bot, and API security capabilities).



+ Design and tune security policies to protect against OWASP Top 10, API abuse, bots, and DDoS while preserving performance and user experience.



+ Partner with product teams, developers, and cloud teams to embed E-WAAP into CI/CD and DevSecOps workflows.





This role reports into the G5 Manager, Application & API Security (E-WAAP) and will provide coaching and technical direction to G3 Engineers and G2/G3 Analysts as we in-source capabilities from our managed services provider.



Responsibilities & Accountabilities:





+ Platform engineering & design
  + Lead the onboarding of new web and API workloads to Akamai, from discovery and architecture review to staging, validation, and production cutover.
  + Design and implement WAF, bot management, DDoS, and rate-limiting policies tailored to application risk profiles and business requirements.
  + Build reusable configuration patterns, templates, and reference architectures for common McDonald’s application types (e.g., marketing sites, e-commerce, APIs, partner integrations).
  + Use Akamai APIs, automation frameworks, and infrastructure-as-code (e.g., Terraform, Python, CI/CD pipelines) to manage configurations at scale.

+ Security operations & tuning
  + Lead incident triage and investigations for WAF, API, and bot-related events; coordinate containment, tuning, and long-term fixes.
  + Analyze WAF and CDN logs to identify attacks, false positives, and evasion attempts; refine policies, exception sets, and custom rules.
  + Collaborate with Security Operations, Threat Intelligence, and product security teams to map emerging threats into new or updated rulesets.
  + Drive continuous improvement in detection quality, block rates, and false-positive reduction while maintaining performance SLAs.

+ Dev & automation focus
  + Partner with developers to integrate Akamai security checks into CI/CD (e.g., automated policy promotions, pre-prod validation jobs, automated regression checks).
  + Develop internal tools and scripts (Python, Bash, TypeScript, etc.) to streamline common workflows (policy cloning, bulk updates, configuration linting).
  + Provide technical requirements and guidance into product roadmaps for observability, logging, and security analytics.

+ Governance, metrics, and leadership
  + Own platform health and risk metrics (coverage, rule adoption, false positives, incident volume, MTTR) and present them regularly to leadership and stakeholders.
  + Lead operational governance forums with product teams to review posture, tuning backlog, and upcoming changes.
  + Mentor and coach G3 Engineers and Analysts; provide guidance on investigations, change reviews, and documentation.
  + Contribute to and lead updates of SOPs, intake processes, runbooks, and standards for Akamai and E-WAAP.











Requisition ID: REF9603T_744000100407506
