Senior Application Security Engineer II - Akamai [T500-25928]

About Us:

Marriott International Inc., headquartered in Bethesda, Maryland, USA, was founded in May 1927 by J. Willard Marriott and Alice S. Marriott with a modest nine-seat A&W root beer stand. Guided by the family's leadership and core principles, Marriott International today has grown into a global hospitality giant, operating approximately 9,000 properties and over 30 leading brands in more than 140 countries and territories.

From such humble beginnings to becoming the worlds largest hotel company, Marriott International has never stopped searching for inventive ways to serve its customers, provide opportunities for its associates, and grow their business. At Marriott Tech Accelerator center (MTA), Hyderabad, India, Marriott is exploring the world we live in and all its possibilities. At Marriott Tech Accelerator, we are a team of passionate engineering minds dedicated to creating and building cutting-edge solutions that streamline operations and elevate guest experiences.

Marriott Tech Accelerator center is fully owned and operated by ANSR. All associates at Marriott Tech Accelerator will be ANSR employees, delivering services exclusively to ANSR's client, Marriott International.

Role Title: Senior Application Security Engineer II

JOB SUMMARY:

The position Engineer, Edge & Runtime Security - MTA will support a broad range of security functions, including edge and runtime security, application security testing, supply chain security, and security compliance. This role assists in developing, deploying and optimizing Akamai edge security solutions such as WAF, bot management, API security, and DDoS protections while monitoring traffic patterns, tuning rules within the Akamai Control Center, and responding to edge related security incidents. The Engineer will also perform Web, API, and Mobile application security development and support secure development practices across modern CI/CD pipelines.

The role includes collaborating with technical and business teams to ensure adherence to organizational security standards and regulatory frameworks such as NIST RMF, NIST CSF, PCI DSS, GDPR, ISO, and internal policy requirements. This position provides hands-on learning across multiple security domains, change management, incident documentation, and continuous improvement of the organizations overall security posture.

CANDIDATE PROFILE:

Education and Experience:

Required:

• Bachelors degree in Cybersecurity, Computer Science, Information Technology, or a related field, or equivalent experience/certification.
• 4-5 years of experience in information security, web/application security, IT, or development; experience with Akamai technologies (WAF, Bot Manager, API Security), RASP, ADR, SAST, DAST, MPT.
• Strong understanding of programming fundamentals (data types, loops, logic, control structures, interpretation/compilation).
• Basic experience or familiarity with application security testing methodologies and tools (e.g., Burp Suite, OWASP ZAP, Veracode), as well as vulnerability triage and remediation workflows.
• Familiarity with Akamai Control Center, Akamai WSA, Splunk, Dynatrace, or similar platforms for configuring WAF rules, monitoring traffic, and performing log analysis.
• Experience with traffic analysis and threat mitigation during security incidents.
• Understanding application security concepts, OWASP Top 10, API security, common vulnerabilities (e.g., XSS, SQLi, CSRF), and risk management.
• Knowledge of version control (Git), CI/CD pipelines, K8s, EKS, Docker, Harness and modern software development practices, and the Software Development Lifecycle (SDLC).
• Familiarity with security control frameworks and compliance standards such as NIST RMF, NIST CSF, PCI DSS, GDPR, ISO, and general control assessment/validation practices.
• Strong interest in cybersecurity, willingness to learn, and ability to collaborate with cross-functional teams including DevOps, IT, and development groups.
• Excellent written and verbal communication skills.

Preferred:

CORE WORK ACTIVITIES:

• Masters degree in Cybersecurity, Computer Science, or related discipline, or equivalent experience/certification.
• 4+ years of experience in cybersecurity, application security, DevSecOps, edge security, QA, or software development, with exposure to Akamai solutions, CI/CD pipelines, and modern development workflows.
• Current or relevant security certifications such as CISSP, Security+, CySA+, CEH, GWAPT, OSCP, GSEC, GRISC, CISA, or similar.
• Proficiency with scripting languages (Python, Bash) for automation of security tasks, monitoring, and reporting; ability to conduct independent security research.
• Hands-on experience with containerization and cloud-native technologies (Docker, Kubernetes, EKS, EC2, RDS), image scanning tools, and cloud platforms (AWS, Azure, GCP); cloud certifications a plus.
• Familiarity with governance, compliance, and risk frameworks such as NIST RMF, NIST 800-53, ISO 27001, PCI DSS; understanding of CVSS scoring and vulnerability management workflows.
• Knowledge of advanced bot detection strategies, behavioral analysis, WAF/RASP concepts, intercepting proxies, and modern threat detection techniques, AI Firewall, Fermyon, Zenity, Oligo, Cursor TMT, Tenable, Burp, Shape, AppDome, Waratek, Contrast, TMT, Apollo GraphQL, Akamai WAF, CDN, CPC, APR, CPR, Power BI, Service-Now, JIRA, Confluence.
• Experience with secure SDLC, Agile/DevOps methodologies, Git-based version control (GitHub, GitLab), and operations such as branching, merging, pull requests, issues, and code review.
• Foundational understanding of software engineering principles (SOLID, design patterns), QA testing practices, network security concepts (DoS, DNS spoofing, ARP poisoning, segmentation), cryptography fundamentals (hashing, signing, encryption), and endpoint security controls (EDR, scanning agents, HIDS, FIM).
• Experience working in regulated industries (finance, healthcare, government) or Travel & Hospitality.
• Demonstrated ability to work independently, proactively identifying problems, researching solutions, self-learning, and driving tasks forward without constant oversight.

Work location: Hyderabad, India.

Work mode: Hybrid

• Undergraduate degree or equivalent experience/certification

Marriotts core values:

At Marriott, our make us who we are. We believe that success is never final. As we change and grow, the beliefs that are most important to us stay the sameputting people first, pursuing excellence, embracing change, acting with integrity, and serving our world. Being part of Marriott Tech Accelerator means being part of a proud history and a thriving culture.