- *Join the team leading the next evolution of virtual care.**
At Teladoc Health, you are empowered to bring your true self to work while helping millions of people live their healthiest lives.
Here you will be part of a high\-performance culture where colleagues embrace challenges, drive transformative solutions, and create opportunities for growth. Together, we’re transforming how better health happens.
### **Staff Security Engineer** **\- Edge \&** **API**
Security Lead
Key member of the Security team, this role focuses on implementing and managing security controls for web applications, APIs, and edge infrastructure. The Lead Security Engineer will leverage Cloudflare platform and other edge security solutions to protect against DDoS attacks web application threats, bot attacks, API vulnerabilities and AI threats. This role demands strong technical expertise in web application firewalls (WAF), DDoS mitigation, bot management, API security, and content delivery network (CDN) security, with the ability to architect and implement scalable protection mechanisms for internet facing applications and services.
- *Essential** **Duties** **and** **Responsibilities**
=====================================================
- Oversee the design, implementation, and management of Cloudflare security services (WAF, DDoS Protection, Bot Management, API Shield, Rate Limiting) to safeguard web applications and APIs.
- Establish and document security standards and best practices for edge security, CDN usage, and SSL/TLS management across the organization.
- Collaborate with application development, cloud engineering, and DevOps teams to integrate security controls into all web applications and API gateways.
- Design and manage AI Gateways to optimize global edge security and real\-time observability.
- Lead the design and implementation of Layer 3/4 firewall tunneling strategy to secure and optimize hybrid cloud connectivity.
- Drive the security assessment and hardening of edge security architectures, proactively identifying vulnerabilities in edge\-side logic, global API endpoints, and WAF configurations.
- Oversee edge security automation to deploy real\-time custom mitigation logic and automated incident response.
- *Qualifications Expected for** **Position**
- -------------------------------------------
- 6\+ years of experience in information security with focus on application security, web security, or network security.
- 3\+ years of experience with DDoS protection and mitigation strategies for application\- layer and network\-layer attacks.
- 2\+ years of hands\-on experience with web application firewalls (WAF), API and AI gateways, including rule development, tuning, and attack mitigation.
- Strong understanding of web application security principles, OWASP Top 10, and common attack vectors.
- Experience with CDN platforms and edge security services for protecting internet\-facing applications.
- Proficiency with HTTP/HTTPS protocols, SSL/TLS, DNS, and web application architectures.
- Experience analyzing web traffic patterns, logs, and security events to identify threats and tune security controls.
- *Preferred** **Qualifications**
================================
- Demonstrated success implementing WAF and edge security at scale in high traffic environments.
- Extensive experience with Cloudflare security tools, including Web Application Firewall (WAF) and DDoS Protection.
- Proficient in Cloudflare Bot Management to identify and block automated threats.
- Skilled in implementing API Shield, API Gateways for secure API access and protection
- Knowledge of API security best practices including OAuth, JWT, API authentication/authorization, and schema validation.
- Experience with GraphQL security and protection mechanisms.
- Experience implementing security headers (CSP, HSTS, X\-Frame\-Options) and cookie security.
- Proficiency with scripting and automation for security rule management (JavaScript, Python).
- Familiarity with Infrastructure as Code for edge security configuration (Terraform, CloudFormation).
- Relevant certifications such as CISSP, CEH, GWAPT (GIAC Web Application Penetration Tester), OSCP, or cloud security certifications.
As part of our hiring process, we verify identity and credentials, conduct interviews (live or video), and screen for fraud or misrepresentation. Applicants who falsify information will be disqualified.
- *Why join Teladoc Health?**
- Teladoc Health is transforming how better health happens. Learn how when you join us in pursuit of our impactful mission .
- Chart your career path with **meaningful opportunities** that empower you to grow, lead, and make a difference.
- Join a **multi\-faceted community** that celebrates each colleague’s unique perspective and is focused on continually improving, each and every day.
- Contribute to an **innovative culture** where fresh ideas are valued as we increase access to care in new ways.
- Enjoy an inclusive benefits program centered around you and your family, with tailored programs that address your unique needs.
- Explore candidate resources with tips and tricks from Teladoc Health recruiters and learn more about our company culture by exploring \#TeamTeladocHealth on LinkedIn .
- As an Equal Opportunity Employer, we never have and never will discriminate against any job candidate or employee due to age, race, religion, color, ethnicity, national origin, gender, gender identity/expression, sexual orientation, membership in an employee organization, medical condition, family history, genetic information, veteran status, marital status, parental status, or pregnancy). In our innovative and inclusive workplace, we prohibit discrimination and harassment of any kind.*
- Teladoc Health respects your privacy and is committed to maintaining the confidentiality and security of your personal information. In furtherance of your employment relationship with Teladoc Health, we collect personal information responsibly and in accordance with applicable data privacy laws, including but not limited to, the California Consumer Privacy Act (CCPA). Personal information is defined as: Any information or set of information relating to you, including (a) all information that identifies you or could reasonably be used to identify you, and (b) all information that any applicable law treats as personal information. Teladoc Health’s Notice of Privacy Practices for U.S. Employees’ Personal information is available* *at this link* *.*