[Hiring] Staff Cybersecurity Engineer @Teladoc Health

Role Description

Key member of the Security team, this role focuses on implementing and managing security controls for web applications, APIs, and edge infrastructure. The Lead Security Engineer will leverage Cloudflare platform and other edge security solutions to protect against:

• DDoS attacks
• Web application threats
• Bot attacks
• API vulnerabilities
• AI threats

This role demands strong technical expertise in:

• Web application firewalls (WAF)
• DDoS mitigation
• Bot management
• API security
• Content delivery network (CDN) security

Responsibilities include:

• Oversee the design, implementation, and management of Cloudflare security services (WAF, DDoS Protection, Bot Management, API Shield, Rate Limiting) to safeguard web applications and APIs.
• Establish and document security standards and best practices for edge security, CDN usage, and SSL/TLS management across the organization.
• Collaborate with application development, cloud engineering, and DevOps teams to integrate security controls into all web applications and API gateways.
• Design and manage AI Gateways to optimize global edge security and real-time observability.
• Lead the design and implementation of Layer 3/4 firewall tunneling strategy to secure and optimize hybrid cloud connectivity.
• Drive the security assessment and hardening of edge security architectures, proactively identifying vulnerabilities in edge-side logic, global API endpoints, and WAF configurations.
• Oversee edge security automation to deploy real-time custom mitigation logic and automated incident response.

Qualifications

• 6+ years of experience in information security with focus on application security, web security, or network security.
• 3+ years of experience with DDoS protection and mitigation strategies for application-layer and network-layer attacks.
• 2+ years of hands-on experience with web application firewalls (WAF), API and AI gateways, including rule development, tuning, and attack mitigation.
• Strong understanding of web application security principles, OWASP Top 10, and common attack vectors.
• Experience with CDN platforms and edge security services for protecting internet-facing applications.
• Proficiency with HTTP/HTTPS protocols, SSL/TLS, DNS, and web application architectures.
• Experience analyzing web traffic patterns, logs, and security events to identify threats and tune security controls.

Preferred Qualifications

• Demonstrated success implementing WAF and edge security at scale in high traffic environments.
• Extensive experience with Cloudflare security tools, including Web Application Firewall (WAF) and DDoS Protection.
• Proficient in Cloudflare Bot Management to identify and block automated threats.
• Skilled in implementing API Shield, API Gateways for secure API access and protection.
• Knowledge of API security best practices including OAuth, JWT, API authentication/authorization, and schema validation.
• Experience with GraphQL security and protection mechanisms.
• Experience implementing security headers (CSP, HSTS, X-Frame-Options) and cookie security.
• Proficiency with scripting and automation for security rule management (JavaScript, Python).
• Familiarity with Infrastructure as Code for edge security configuration (Terraform, CloudFormation).
• Relevant certifications such as CISSP, CEH, GWAPT (GIAC Web Application Penetration Tester), OSCP, or cloud security certifications.

Benefits

• Chart your career path with meaningful opportunities that empower you to grow, lead, and make a difference.
• Join a multi-faceted community that celebrates each colleague’s unique perspective and is focused on continually improving, each and every day.
• Contribute to an innovative culture where fresh ideas are valued as we increase access to care in new ways.
• Enjoy an inclusive benefits program centered around you and your family, with tailored programs that address your unique needs.