Web Service Protection Engineer

<div class="iCIMS_InfoMsg iCIMS_InfoMsg_Job"> <div class="iCIMS_Expandable_Container"> <div class="iCIMS_Expandable_Text"> <h2><strong>Overview</strong></h2> <p>Black Canyon Consulting <strong>(BCC)</strong> is searching for a <strong>Web Service Protection Engineer</strong> to support the National Center for Biotechnology Information<strong> (NCBI)</strong>.&nbsp;<span class="c-message__edited_label">This opportunity is full time and onsite at the NCBI in Bethesda, MD.</span></p> <p>NCBI is part of the National Library of Medicine (NLM) at&nbsp;the National Institutes of Health (NIH).&nbsp;&nbsp;<a class="c-link" href="https://www.ncbi.nlm.nih.gov/" target="_blank">NCBI</a>&nbsp;is the world’s premier biomedical center hosting over six million daily users that seek research, clinical, genetic, and other information that directly impacts biomedical research and public health – at NCBI you can literally help to accelerate cures for diseases!&nbsp;NCBI’s wide range of applications, platforms (node, python, Django, C++, you name it) and environments (big data [petabytes], machine learning, multiple clouds) serve more users than almost any other US Government Agency according to&nbsp;<a class="c-link" href="https://analytics.usa.gov/" target="_blank">https://analytics.usa.gov/</a>.<span class="c-message__edited_label">&nbsp;</span></p> <p>We attract the best people in the business with our competitive benefits package that includes medical, dental and vision coverage, 401k plan with employer contribution, paid holidays, vacation, and tuition reimbursement. If you enjoy being a part of a high performing, professional service and technology focused organization, please apply today!</p> <div class="iCIMS_InfoMsg iCIMS_InfoMsg_Job"> <h3 class="iCIMS_Expandable_Container"><strong>Duties &amp; Responsibilities</strong></h3> <div class="iCIMS_Expandable_Container"> <ul> <li>Develop and own protection metrics and alerting — build dashboards and alert pipelines that surface anomalies across a range of network and application-layer signals.</li> <li>Perform deep log analysis&nbsp;to identify overuse, scraping, abuse, DDoS, and attack patterns across millions of daily requests.</li> <li>Operate and tune cloud-based edge security controls&nbsp;— configure and update security policies, rate limiting, and adaptive protection rules in response to evolving threats.</li> <li>Enforce traffic controls&nbsp;— apply a range of mitigation strategies to abusive traffic while minimizing impact to legitimate users.</li> <li>Monitor continuously and respond quickly&nbsp;— this role requires a bias for action. You will triage incidents and either resolve them directly or escalate to development or sysadmin teams with clear, actionable information.</li> <li>Support protection across a mixed cloud and on-premises infrastructure&nbsp;— NCBI operates services in both environments, and protection coverage must extend consistently across both.</li> </ul> <h3><strong>Requirements:</strong></h3> <ul> <li>Strong understanding of&nbsp;<strong>high-volume web service architecture</strong>&nbsp;— how traffic flows, where bottlenecks and abuse vectors appear, and how load balancers and edge infrastructure make routing decisions.</li> <li>Hands-on experience with a&nbsp;<strong>major cloud provider's security and networking stack</strong>, including: <ul> <li>Global load balancing and traffic management</li> <li>Edge-layer security policy enforcement and WAF capabilities</li> <li>Large-scale log querying and metric-driven alerting</li> </ul> </li> <li>Solid grasp of&nbsp;<strong>HTTP/HTTPS protocol internals</strong>&nbsp;— headers, TLS behavior, connection patterns, and how these relate to traffic analysis and fingerprinting techniques.</li> <li>Experience analyzing traffic using&nbsp;<strong>network and application-layer signals</strong>&nbsp;including address-based, organizational, and transport-layer fingerprinting methods.</li> <li>Familiarity with common&nbsp;<strong>web server platforms</strong>, their log formats, and configuration.</li> <li>Ability to read, write, and tune&nbsp;<strong>access control and rate-limiting rules</strong>&nbsp;under pressure.</li> <li>Comfort working across&nbsp;<strong>hybrid infrastructure environments</strong>.</li> </ul> <h3><strong>Preferred Skills:<br></strong></h3> <ul> <li>Experience with&nbsp;advanced abuse mitigation techniques, including traffic redirection and challenge-response mechanisms.</li> <li>Scripting or automation experience (Python, Bash, or similar) for log parsing and rule generation.</li> <li>Prior work protecting high-traffic government or research platforms.</li> <li>Knowledge of&nbsp;bot detection techniques&nbsp;beyond simple blocking — behavioral signals, fingerprinting, headless browser detection, and similar approaches.</li> <li>Familiarity with evolving attacker tradecraft and how modern scrapers and abusers adapt to countermeasures.&nbsp;</li> </ul> <h2 class="iCIMS_InfoMsg iCIMS_InfoField_Job">Benefits and Salary</h2> <p>We attract the best people in the business with our competitive benefits package that includes medical, dental and vision coverage, 401k plan with employer contribution, paid holidays, vacation, and tuition reimbursement.</p> <p>We offer a competitive salary commensurate with experience and location.&nbsp;If you enjoy being a part of a high performing, professional service and technology focused organization, please apply today!</p> </div> </div> </div> </div> </div>