Edge Security Engineer

About the Role

The Edge Security Engineer will join the Product Security team in Arlington, VA, working Monday‑through‑Thursday in the office and remotely on Friday. The role focuses on maintaining and optimizing edge security controls for CoStar’s public‑facing websites, including Akamai Kona WAF configurations, bot mitigation, scraping protection, and other perimeter defenses to ensure high availability and secure access. • Configure and fine‑tune Akamai Kona WAF policies to reduce false positives and protect against OWASP and DDoS threats. • Implement and maintain bot protection and scraping mitigation across web properties. • Analyze edge traffic patterns, detect anomalies, and respond to security incidents. • Support secure deployment and scaling of edge security controls in cloud and CDN environments. • Provide edge security for 50+ high‑traffic websites with diverse tech stacks and threat profiles.

Key Responsibilities

• ▸waf configuration
• ▸bot protection
• ▸traffic analysis
• ▸edge deployment
• ▸edge security
• ▸incident response

What You Bring

Candidates must hold a bachelor’s degree from an accredited in‑person university and have 1–3 years of experience in edge or web‑application security, preferably with Akamai, Cloudflare, Imperva, DataDome, Fastly, AWS WAF, or similar platforms. Familiarity with the OWASP Top 10, API security, traffic analysis, and collaboration across product, security, DevOps, legal and development teams is required. Preferred experience includes hands‑on use of Akamai Control Center, advanced bot‑detection techniques, scripting and infrastructure‑as‑code (Python, Terraform, Ansible), and knowledge of SDLC, CI/CD, and cloud‑native services such as Docker, EC2, EKS, and RDS. Awareness of compliance frameworks like NIST, ISO 27001, and PCI DSS is a plus. • Bachelor’s degree from an accredited in‑person university. • 1–3 years of edge or web‑application security experience with Akamai, Cloudflare, Imperva, DataDome, Fastly, AWS WAF, or similar. • Knowledge of OWASP Top 10, API security best practices, and traffic analysis. • Ability to collaborate with product, security, DevOps, legal, and development teams. • Experience with dashboards and log analysis tools such as Akamai WSA, ELK, or Athena. • Hands‑on experience with Akamai Control Center for WAF rule configuration and monitoring. • Advanced bot detection using behavioral analysis or AI‑based solutions. • Scripting/Infrastructure‑as‑code skills (Python, Terraform, Ansible) for automation and reporting. • Understanding of SDLC, CI/CD pipelines, and cloud‑native technologies (Docker, EC2, EKS, RDS). • Familiarity with compliance frameworks (NIST, ISO 27001, PCI DSS).

Requirements

• ▸bachelor's
• ▸akamai
• ▸python
• ▸docker
• ▸owasp
• ▸elk

Benefits

CoStar offers a collaborative, innovative culture with generous compensation, performance‑based incentives, and extensive professional development benefits such as internal training and tuition reimbursement. The total rewards package includes comprehensive health coverage, life and legal insurance, mental‑health services, commuter benefits, 401(k) matching, employee stock purchase, paid time off, fitness amenities, DEI employee resource groups, and complimentary snacks. • Competitive salary with performance‑based incentives. • Comprehensive medical, vision, dental, and prescription coverage. • Life, legal, and supplemental insurance. • Mental‑health counseling (virtual and in‑person) for individuals and families. • 401(k) plan with matching contributions and employee stock purchase plan. • Paid time off, tuition reimbursement, and professional development programs. • On‑site or reimbursed fitness center membership, yoga studio, Peloton, and group classes. • Commuter and parking benefits. • Access to Diversity, Equity & Inclusion employee resource groups. • Complimentary gourmet coffee, tea, hot chocolate, fresh fruit, and healthy snacks.

Work Environment

Office Full-Time