#Cyber #Security Engineer


Designs, builds, operates and automates complex security solutions and processes to protect the integrity of the organization’s digital network, systems, applications and data. Recommends and implements solutions. Participates in identifying and implementing additional security controls. Provides security consulting services and risk assessments. Continually evaluates and upgrades security features. . SCOPE: Implements activities that generally impact important components / processes of the work of own unit / team / projects. Typically assigned to important / complicated undertakings. Anticipates and prevents problems and roadblocks before they occur. Has in-depth knowledge of advanced security protocols and standards, vulnerability assessment tools, packet analyzers and security management suites, penetration testing tools and countermeasures and mitigation techniques applied to web applications. Interacts with internal and external peers and managers to exchange complex information related to areas of specialization. Works with internal technology groups, development teams and partners to develop, implement, maintain and monitor security policies and procedures.
Exciting role of cyber security engineer for the Website Protection team, with responsibilities that include onboarding Staples websites to a platform to detect, respond and protect against online fraud, automated threats and attacks. This includes WAF tuning and maintenance, integrations with security controls, bot management, and supporting our SOC and IR teams. Serve as technical lead to partner with web application teams to integrate them with our security and fraud solutions. You will also be working directly with Staples Fraud Detection team to support daily efforts to protect profitability from online threats.
Responsibilities will include:
  • Providing website security protection for web applications for both B2C & B2B.
  • Web Application Firewall enablement, including tuning WAF rules based on observed patterns. Leverage automation for testing, and ensuring false positives are monitored and addressed.
  • Working directly with ecommerce product owners and support teams to ensure protection coverage is factored in to any new development efforts.
  • Ensuring security event data is accessible for SOC, threat and IR teams to consume for proactive monitoring, alerting and analysis. Also provide support to SOC and IR teams as needed.
  • Defining processes for production environment changes related to website protection.
  • Providing protection for our mobile native apps, and their supporting APIs.
  • Create a repeatable process for onboarding new web applications to the protection platform. Driving the roadmap from a Kanban methodology.
  • Establish relationships with web application teams to be consultative with up-front protections for their production rollouts.


Required Skills:
  • Strong understanding of web application architecture and HTTP Request/Response
  • Experience making changes in production environments, including change management procedures, for high traffic web sites
  • Ability to use proper judgement before making business impacting traffic decisions
  • Good working knowledge of security principles & frameworks
  • Familiar with retail threat landscape, such as Credential Abuse, Web Content and Price Scraping, Account Take Over
  • Akamai CDN experience
  • Web Application Firewall (WAF) experience
  • Familiar with bot management and automation
  • Strong understanding of OWASP mitigation techniques
  • Strong skills in log analysis; pattern detection ability
  • Understanding of DNS, firewalls and technologies associated with web application internet traffic flow
  • Experience using and creating restAPIs.
  • Strong written and verbal communication skills
  • Detailed trouble-shooting skills to investigate false positives impacting customer traffic
  • Splunk / Splunk SIEM
Preferred Skills:
  • Experience with RESTful services and service-oriented architecture / microservices
  • Familiar with eCommerce WEB technologies such as nginx, HTML5, Javascript, CSS, AJAX, Java/Spring, AngularJS and ReactJS
  • Strong ability to collaborate with enterprise level cross functional technical teams to design and deliver scalable solutions.
  • Can effectively and efficiently work both independently and as leader within a cross functional team.
  • Ability to design and test major features.
  • Ability to work as an individual contributor as well as in a team
  • Strong drive in ensuring code quality and inspiring fellow team mates to do the same
  • Experience in agile development methodologies; Familiarity with Agile/Kanban, various quality assurance methodologies
  • Exposure to continuous integration
  • Experience working with 3rd party partners/APIs
  • 5+ years of experience.
  • Bachelors of Science or 8+ years of related work experience.
  • Web applications development using technologies like Websphere, Java/Spring Framework, Microservices
  • Strong problem solving and analytical skills with the attitude for automation.

Staples is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other basis protected by federal, state, or local law.