Edge Security Platform Engineer

The Edge Security Platform Engineer owns the edge security controls that protect MLB’s public web and mobile traffic. This role builds, operates, and improves WAF and bot defenses and manages security capabilities across CDNs that support application delivery, traffic protection, and transaction flows.

This engineer tunes controls, automates workflows, and connects edge telemetry with application and payment signals to reduce bot abuse and fraud without adding unnecessary friction, latency, or downtime for legitimate fans.

Success is measured by stronger protection during high-demand events, fewer false positives, better visibility across edge-to-transaction flows, and measurable improvement in checkout conversion, site performance, and fraud reduction.

Responsibilities

Edge Security & Platform Operations

• Own and operate MLB’s edge security platforms (WAF, bot mitigation, CDN), including configuration, tuning, and lifecycle management
• Maintain secure, resilient environments using infrastructure-as-code and controlled deployment practices
• Continuously refine rules, policies, and thresholds to improve protection and prevent drift
• Participate in an on-call rotation for high-severity edge security incidents

Bot Mitigation & Fraud Prevention

• Design and manage defenses against automated abuse (e.g., credential stuffing, scraping, ticketing bots, payment fraud)
• Analyze telemetry to identify threats, false positives, and attacker behavior
• Partner with fraud and payment teams to strengthen early detection and mitigation

Performance & Incident Response

• Optimize security controls to protect uptime and user experience during high-traffic events
• Serve as a subject matter expert during incidents, ensuring mitigations meet latency, conversion, and availability targets

Observability & Reporting

• Build and maintain logging, monitoring, dashboards, and alerting across edge and application layers
• Integrate telemetry with SIEM tools to improve detection, triage, and auditability.
• Track and report on key risk and performance metrics

Automation, Governance & Collaboration

• Drive automation for detection, response, and change management while maintaining human oversight
• Establish strong deployment controls, audit trails, and support compliance (e.g., PCI, SOC 2)
• Collaborate cross-functionally to enhance edge security strategy, tooling, and execution

Qualifications & Skills

• Bachelor’s degree in Computer Science, Cybersecurity, Software Engineering, or a related field, or equivalent practical experience
• 5+ years in security, platform, SRE, or infrastructure engineering roles supporting high-scale, internet-facing systems; experience with high-demand consumer platforms such as ticketing, e-commerce, streaming, or live events strongly preferred
• Hands-on experience operating and tuning WAF, bot mitigation, rate limiting, CDN security, and related traffic protection controls in production environments
• Direct experience with HAProxy Enterprise WAF and bot/security modules, and with CDN including WAF, bot management, rate controls, and telemetry or log streaming
• Strong understanding of HTTP/S, TLS, DNS, TCP/IP, reverse proxying, caching, rate limiting, server- and client-side fingerprinting, and edge traffic behavior
• Experience investigating web abuse, fraud signals, or adversarial automation affecting login, checkout, account, or transaction flows
• Proficiency with Python, Go, Bash, or similar scripting languages, and experience with Terraform, Ansible, Git-based workflows, CI/CD pipelines, or other infrastructure-as-code practices
• Experience with observability, logging, and SIEM integration for security and operational telemetry
• Share