OneMain Financial Jobs

Home View All Jobs (2,087,999)

Job Information

McDonald's Cyber Engineer III - API Security in Ciudad de México, Mexico

The Senior Engineer, Application & API Security is a key member of the E-WAAP team and serves as a technical lead for our Akamai-based web and API security platform. You will:

  • Lead onboarding of new applications and APIs onto Akamai (WAF, CDN, bot, and API security capabilities).

  • Design and tune security policies to protect against OWASP Top 10, API abuse, bots, and DDoS while preserving performance and user experience.

  • Partner with product teams, developers, and cloud teams to embed E-WAAP into CI/CD and DevSecOps workflows.

This role reports into the G5 Manager, Application & API Security (E-WAAP) and will provide coaching and technical direction to G3 Engineers and G2/G3 Analysts as we in-source capabilities from our managed services provider.

Responsibilities & Accountabilities:

  • Platform engineering & design

  • Lead the onboarding of new web and API workloads to Akamai, from discovery and architecture review to staging, validation, and production cutover.

  • Design and implement WAF, bot management, DDoS, and rate-limiting policies tailored to application risk profiles and business requirements.

  • Build reusable configuration patterns, templates, and reference architectures for common McDonald’s application types (e.g., marketing sites, e-commerce, APIs, partner integrations).

  • Use Akamai APIs, automation frameworks, and infrastructure-as-code (e.g., Terraform, Python, CI/CD pipelines) to manage configurations at scale.

  • Security operations & tuning

  • Lead incident triage and investigations for WAF, API, and bot-related events; coordinate containment, tuning, and long-term fixes.

  • Analyze WAF and CDN logs to identify attacks, false positives, and evasion attempts; refine policies, exception sets, and custom rules.

  • Collaborate with Security Operations, Threat Intelligence, and product security teams to map emerging threats into new or updated rulesets.

  • Drive continuous improvement in detection quality, block rates, and false-positive reduction while maintaining performance SLAs.

  • Dev & automation focus

  • Partner with developers to integrate Akamai security checks into CI/CD (e.g., automated policy promotions, pre-prod validation jobs, automated regression checks).

  • Develop internal tools and scripts (Python, Bash, TypeScript, etc.) to streamline common workflows (policy cloning, bulk updates, configuration linting).

  • Provide technical requirements and guidance into product roadmaps for observability, logging, and security analytics.

  • Governance, metrics, and leadership

  • Own platform health and risk metrics (coverage, rule adoption, false positives, incident volume, MTTR) and present them regularly to leadership and stakeholders.

  • Lead operational governance forums with product teams to review posture, tuning backlog, and upcoming changes.

  • Mentor and coach G3 Engineers and Analysts; provide guidance on investigations, change reviews, and documentation.

  • Contribute to and lead updates of SOPs, intake processes, runbooks, and standards for Akamai and E-WAAP.

Requsition ID: REF9603T_744000100407506

DirectEmployers