Join the team leading the next evolution of virtual care.
At Teladoc Health, you are empowered to bring your true self to work while helping millions of people live their healthiest lives.
Here you will be part of a high-performance culture where colleagues embrace challenges, drive transformative solutions, and create opportunities for growth. Together, we’re transforming how better health happens.
Staff Security Engineer
- Edge &
API
Security
Lead
Summary of Position
Key member of the Security team, this role focuses on implementing and managing security controls for web applications, APIs, and edge infrastructure. The Lead Security Engineer will leverage Cloudflare platform and other edge security solutions to protect against DDoS attacks
web
application
threats,
bot
attacks,
API
vulnerabilities
and
AI
threats.
This
role
demands
strong technical
expertise
in
web
application
firewalls
(WAF),
DDoS
mitigation,
bot
management,
API
security,
and
content
delivery
network
(CDN)
security,
with
the
ability
to
architect
and
implement
scalable
protection
mechanisms
for
internet
facing
applications
and
services.
Essential Duties
and Responsibilities
Oversee the design, implementation, and management of Cloudflare security services
(WAF,
DDoS
Protection,
Bot
Management,
API
Shield,
Rate
Limiting)
to
safeguard
web
applications and APIs.
Establish
and document
security
standards and
best practices
for
edge
security, CDN
usage,
and SSL/TLS
management
across the
organization.
Collaborate
with
application
development,
cloud
engineering,
and
DevOps
teams
to
integrate security controls into all web applications and API gateways.
Design
and
manage
AI
Gateways
to
optimize
global
edge
security
and
real-time
observability.
Lead
the
design
and
implementation
of
Layer
3/4
firewall
tunneling
strategy
to
secure
and optimize hybrid cloud connectivity.
Drive
the
security
assessment
and
hardening of
edge
security
architectures,
proactively
identifying vulnerabilities in
edge-side logic, global API endpoints, and WAF configurations.
Oversee
edge
security
automation
to
deploy
real-time
custom
mitigation
logic
and
automated incident response.
Required Qualifications
6+ years
of
experience
in
information
security
with
focus
on
application
security,
web
security, or network security.
3+
years
of
experience
with
DDoS
protection
and
mitigation
strategies
for application-
layer and network-layer attacks.
2+ years of hands-on experience with web application firewalls (WAF), API and AI
gateways, including rule development, tuning,
and attack
mitigation.
Strong understanding of web application security principles, OWASP Top 10, and common attack vectors.
Experience
with
CDN
platforms
and
edge security
services
for
protecting
internet-facing
applications.
Proficiency
with HTTP/HTTPS
protocols,
SSL/TLS,
DNS, and
web
application
architectures.
Experience
analyzing
web
traffic
patterns, logs,
and
security
events
to
identify
threats
and
tune security controls.
Preferred Qualifications
Demonstrated success implementing WAF and edge security at scale in high traffic
environments.
Extensive
experience
with
Cloudflare
security
tools,
including
Web Application Firewall
(WAF) and DDoS Protection.
Proficient
in
Cloudflare
Bot
Management
to
identify
and
block
automated
threats.
Skilled
in
implementing
API
Shield,
API
Gateways
for
secure
API
access
and
protection
Knowledge
of
API
security
best
practices
including
OAuth,
JWT,
API
authentication/authorization, and schema validation.
Experience
with
GraphQL
security
and protection
mechanisms.
Experience
implementing
security
headers
(CSP,
HSTS,
X-Frame-Options)
and
cookie
security.
Proficiency
with
scripting
and
automation
for
security
rule
management
(JavaScript, Python).
Familiarity with Infrastructure as Code for edge security configuration (Terraform,
CloudFormation).
Relevant
certifications
such
as
CISSP,
CEH,
GWAPT
(GIAC
Web
Application
Penetration
Tester), OSCP, or cloud security certifications.
As part of our hiring process, we verify identity and credentials, conduct interviews (live or video), and screen for fraud or misrepresentation. Applicants who falsify information will be disqualified.
Why join Teladoc Health?
Teladoc Health is transforming how better health happens. Learn how when you join us in pursuit of our
impactful mission
.
Chart your career path with
meaningful opportunities
that empower you to grow, lead, and make a difference.
Join a
multi-faceted community
that celebrates each colleague’s unique perspective and is focused on continually improving, each and every day.
Contribute to an
innovative culture
where fresh ideas are valued as we increase access to care in new ways.
Enjoy an inclusive
benefits program
centered around you and your family, with tailored programs that address your unique needs.
Explore
candidate resources
with tips and tricks from Teladoc Health recruiters and learn more about our company culture by exploring #TeamTeladocHealth on
LinkedIn
.
As an Equal Opportunity Employer, we never have and never will discriminate against any job candidate or employee due to age, race, religion, color, ethnicity, national origin, gender, gender identity/expression, sexual orientation, membership in an employee organization, medical condition, family history, genetic information, veteran status, marital status, parental status, or pregnancy). In our innovative and inclusive workplace, we prohibit discrimination and harassment of any kind.
Teladoc Health respects your privacy and is committed to maintaining the confidentiality and security of your personal information. In furtherance of your employment relationship with Teladoc Health, we collect personal information responsibly and in accordance with applicable data privacy laws, including but not limited to, the California Consumer Privacy Act (CCPA). Personal information is defined as: Any information or set of information relating to you, including (a) all information that identifies you or could reasonably be used to identify you, and (b) all information that any applicable law treats as personal information. Teladoc Health’s Notice of Privacy Practices for U.S. Employees’ Personal information is available
at this link
.
