Lead Security Engineer

About Photon

Photon is a fast growing global technology company, leading the industry in Digital Transformation for Enterprise. Photon is known for creating amazing mobile-first digital customer experiences and designs; and delivers technical expertise across all levels of corporate infrastructure.

Job Summary

The Senior Information Security Engineer – Akamai & Edge Application Security will lead the architecture, engineering, and operational management of O’Reilly’s edge security posture across the Akamai platform. This hands-on role focuses on Web Application Firewall (WAF), Bot Management, Akamai Cloudlets, and the broader Edge Security and Performance ecosystem (Ion, Site Shield, FastDNS, Prolexic). We need an Akamai subject-matter expert capable of designing, tuning, and automating complex edge configurations, partnering closely with Application Development, SRE, and Security Architecture teams to secure and optimize large-scale retail web environments during modernization initiatives.

Key Responsibilities -

Akamai WAF Engineering & Governance - Architect, implement, and tune custom Akamai WAF rule sets tailored to application risk profiles. Continuously monitor WAF telemetry to identify false positives, optimize thresholds, and reduce alert noise. Conduct regular WAF configuration and policy reviews with AppDev, SRE, and Architecture to ensure alignment with evolving API and micro-frontend architectures. Integrate WAF logs and alerts into SIEM platforms (Splunk, Sentinel, ELK) for real-time monitoring and response. Lead onboarding and lifecycle management of new applications into Akamai WAF policies and governance frameworks. Bot Management & Abuse Prevention, Akamai Cloudlets & Edge Traffic Engineering

• Design, implement, and operate Akamai Cloudlets (Phased Release, Edge Redirector, Audience Segmentation, Request Control, and Application Load Balancer) to safely manage phased rollouts and traffic routing.
• Build phased migration frameworks using Phased Release Cloudlet for gradual feature exposure and canary deployments across legacy and GCP origins.
• Engineer Edge Redirector logic to handle SEO-safe redirects, A/B testing, and blue-green deployment transitions.
• Manage and optimize Cloudlet policies via XLS and Cloudlets Policy Manager API, ensuring version control, rollback readiness, and environment consistency.
• Integrate Cloudlet routing decisions with edge security controls (WAF, Bot Manager, API Gateway) to deliver a cohesive protection and performance strategy.
• Partner with SRE to automate property-to-Cloudlet linkage, policy promotion, and governance.
• Edge Platform Security & Optimization
• Serve as the primary Akamai SME for Ion, Site Shield, FastDNS, Prolexic, and related edge security services.
• Work with SRE and Network teams to enforce secure origin connectivity (mTLS, header authentication, Site Shield topologies).
• Contribute to modernization initiatives by optimizing caching, routing, and content delivery strategies.
• Evaluate and adopt new Akamai capabilities such as EdgeWorkers, EdgeKV, and API Gateway for advanced automation and programmable edge defense.
• Support DataStream and mPulse integration for observability and real-time edge performance analytics.
• Cross-Functional Collaboration
• Act as the InfoSec liaison to Application and SRE teams for all Akamai-related engineering and rollout projects.
• Participate in sprint planning, release reviews, and architectural design sessions to embed security early in the development lifecycle.
• Lead tabletop exercises and post-incident reviews involving Akamai or edge security incidents.
• Provide mentorship and training to junior engineers on Akamai operations, Cloudlets policy management, and edge security best practices.
• Strategic Oversight & Governance
• Track Akamai service utilization, performance, and cost metrics to identify optimization and automation opportunities.
• Maintain a strong relationship with Akamai account, TAM, and PS teams for roadmap alignment, escalations, and best-practice validation.
• Contribute to O’Reilly’s Edge Security Reference Architecture, defining enterprise standards for WAF, Bot Management, Cloudlets, and secure content delivery.

Required Qualifications

• 5+ years of hands-on experience in Application or Edge Security with direct ownership of Akamai WAF, Bot Manager, and Cloudlets in production.
• Deep understanding of HTTP/S, CDN caching, bot evasion tactics, and OWASP Top 10 mitigations.
• Expertise in Akamai Property Manager, Cloudlets Policy Manager, and rule-tree logic design.
• Proven experience building and tuning Phased Release, Edge Redirector, and Request Control policies.
• Strong background integrating Akamai telemetry into SIEM and incident response workflows.
• Familiarity with DevSecOps pipelines, CI/CD automation, and cloud-native architectures (GCP, AWS, or Azure).
• Excellent troubleshooting and log-analysis skills for complex, multi-origin traffic flows.
• Strong communication, documentation, and collaboration skills across Security, SRE, and AppDev teams.

Preferred Qualifications

• Experience with Akamai EdgeWorkers / EdgeKV or other programmable edge compute platforms.
• Prior involvement in bot traffic forensics, fraud detection, or Akamai mPulse / DataStream analytics.
• Proficiency in scripting and automation (Python, Bash, JSON, Terraform, or Akamai APIs).
• Familiarity with zero-trust edge architectures, API Gateway Security, and micro-frontend delivery models.
• Industry certifications such as Akamai Certified Professional, CISSP, GIAC GWEB, or CEH.

Education

• Bachelor’s degree in Computer Science, Information Security, or a related technical field (or equivalent practical Experience