Platform Security Engineer

Описание вакансии

WHY JOIN ALO?

Mindful movement. It’s at the core of why we do what we do at ALO—it’s our calling. Because mindful movement in the studio leads to better living. It changes who yogis are off the mat, making their lives and their communities better. That’s the real meaning of studio-to-street: taking the consciousness from practice on the mat and putting it into practice in life.

WHY JOIN ALO? 

Mindful movement. It’s at the core of why we do what we do at ALO—it’s our calling. Because mindful movement in the studio leads to better living. It changes who yogis are off the mat, making their lives and their communities better. That’s the real meaning of studio-to-street: taking the consciousness from practice on the mat and putting it into practice in life. 

OVERVIEW 

We are seeking a highly skilled Platform Security Engineer with deep, hands-on expertise in CDN security, DDoS mitigation, Web Application Firewall (WAF) management, and bot defense. In this role, you will own and advance Alo’s edge and application security posture across our high-traffic e-commerce and digital platforms. You will be the subject-matter expert for all CDN security decisions—from designing bot management policies to tuning WAF rule sets to leading DDoS response—while also driving security across our cloud infrastructure, CI/CD pipelines, and container environments. 

RESPONSIBILITIES 

• CDN, WAF & Edge Security (Primary Focus)

+ Own the full lifecycle of CDN security configuration across enterprise platforms (Akamai, Cloudflare, Fastly, or equivalent), including origin shield, TLS/SSL policy, and traffic routing.

+ Design, implement, and continuously tune Web Application Firewall rule sets—including OWASP Core Rule Set customization, rate limiting, geo-restrictions, and virtual patching for emerging vulnerabilities.

+ Lead DDoS mitigation strategy and incident response for both volumetric (L3/L4) and application-layer (L7) attacks; develop runbooks, define thresholds, and coordinate with CDN vendors during active events.

+ Configure and manage botmanagement platforms (e.g., Akamai Bot Manager, Cloudflare Bot Management, DataDome, or equivalent), including policy creation, bot classification logic, CAPTCHA challenge rules, and false-positive tuning.

+ Analyze CDN traffic logs, security dashboards, and threat intelligence feeds to identifyanomalous patterns, emerging attack campaigns, and opportunities to harden edge policies proactively.

+ Develop and maintainrate limiting, IP reputation management, and client fingerprinting policies to defend against credential stuffing, scraping, account takeover, and API abuse.

+ Partner with CDN and security vendors on escalated threat investigations, platform capabilities, and contract/SLA management.

• Cloud Platform & Infrastructure Security

+ Architect and enforce security standards across cloud platforms (AWS, Azure)

+ Integrate security into CI/CD pipelines and automate compliance and configuration checks using Infrastructure-as-Code (Terraform, CloudFormation).

+ Conduct vulnerability assessments, penetration tests, and respond to security incidents promptly and thoroughly.

+ Manage privileged access and enforce least-privilege principles; implement identity security measures for multi-cloud environments.

+ Collaborate with DevOps and engineering teams to embed security into platform design from the ground up.

QUALIFICATIONS 

• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent practical experience).
• 5+ years in platform security, cloud security, or edge security roles, with a minimum of 3 years in a hands-on CDN security capacity.
• Deep, demonstrable expertisewith enterprise CDN platforms such as Akamai, Cloudflare, Fastly, or AWS CloudFront, including:
• Writing, deploying, and tuning custom WAF rules and managed rule groups.
• Configuring and managing bot mitigation policies, bot scoring thresholds, and challenge/block actions.
• Designing and executing DDoS mitigation strategies for both volumetric and application-layer attacks.
• Analyzing CDN security event logs and traffic analytics to identifyand respond to threats in real time.
• Proven experience supporting high-traffic, revenue-critical websites and securing large-scale distributed systems where availability and integrity are non-negotiable.
• Ability to articulate trade-offs between security posture and business impact (e.g., false positive rates, latency, user experience) when configuring CDN edge policies.
• Proficiencyin scripting languages (Python, Bash) for automating CDN policy management, log analysis, and alerting.
• Experience with Infrastructure-as-Code tools (Terraform)for managing CDN and cloud security configurations.
• Experience with container security, Kubernetes hardening, and CI/CD pipeline security.
• Familiarity with SIEM tools, threat intelligence platforms, and compliance frameworks (SOC 2, ISO 27001, PCI-DSS).
• CDN or security vendor certifications (e.g., Akamai Certified Professional, Cloudflare Certified, AWS Security Specialty).
• Experience with API security gateways and securingGraphQL/REST APIs at the edge.
• Background in e-commerce security, retail, or DTC (direct-to-consumer) environments with high seasonal traffic spikes.
• Experience with threat modeling for web application architectures and CDN-integrated platforms.
• Familiarity with client-side security standards such as Content Security Policy (CSP), SubresourceIntegrity (SRI), and browser-side attack detection.

The base salary range for this position is $140,000-$180,000 per year which represents the current range for the base salary for this exempt position. Please note that actual salaries will vary based on factors including but not limited to location, experience, and performance. As such, on occasion and when applicable, there is the possibility that the final, agreed-upon base salary may be outside of the upper end of the range. Please also note the range listed is just one component of the company’s total rewards package for exempt employees. Other rewards may include performance bonuses, long term incentives, a PTO policy, and many other progressive benefits.

For CA residents, Job Applicant Privacy Policy HERE.