Technology Lead

At Broadridge, we've built a culture where the highest goal is to empower others to accomplish more. If you’re passionate about developing your career, while helping others along the way, come join the Broadridge team. Skill Requirements: Technical Skills Bachelor's degree in computer science, Information Technology, Cybersecurity, or a technology-related field. 7+ years of experience in Information Security, Application Security, Network Security, Cloud Security, Infrastructure Security, Security Engineering, or related technology roles. Working knowledge of WAF technologies, implementation approaches, policy configuration, rule tuning, alert review, false-positive handling, and enforcement modes. Strong understanding of DNS concepts, including domains, subdomains, CNAME records, A records, TTL, propagation, routing changes, domain validation, and DNS cutover planning. Good understanding of web application traffic flows, including HTTP/HTTPS, TLS certificates, reverse proxies, load balancers, CDNs, API gateways, origin servers, and ingress/egress routing. Basic understanding of web application security risks, including OWASP Top 10, injection attacks, cross-site scripting, authentication weaknesses, access control issues, malicious bots, and denial-of-service considerations. Basic understanding of cloud services, cloud networking, cloud security concepts, cloud-hosted application architectures, and cloud-native WAF services such as AWS WAF, Azure Web Application Firewall, Google Cloud Armor, or equivalent services. Familiarity with application hosting models, including on-premises, hybrid, cloud-hosted, SaaS, containerized, and API-based environments. Experience supporting security implementation projects involving application, network, infrastructure, cloud, vendor, and business teams. Familiarity with change management, production cutover planning, rollback planning, deployment validation, and post-implementation monitoring. Ability to review technical documentation, architecture diagrams, traffic flows, DNS records, certificates, WAF logs, rule triggers, and implementation evidence. Experience with ServiceNow, Jira, Confluence, SharePoint, or similar workflow, documentation, and tracking platforms. Ability to create implementation trackers, status dashboards, risk logs, cutover plans, test plans, stakeholder updates, and operational documentation. Soft Skills Strong stakeholder and program management skills, with the ability to work as a collaborative team player while coordinating across applications, infrastructure, network, cloud, DNS, security, vendor, and business teams. Excellent verbal and written communication skills, with the ability to clearly explain technical details, risks, blockers, recommendations, and next steps to both technical and non-technical stakeholders. Strong ownership, accountability, and organizational skills to drive multiple WAF implementations in parallel from intake through deployment, validation, and closure. Strong problem-solving and influencing skills, with the ability to identify technical dependencies, manage risks, escalate blockers, and keep cross-functional teams aligned toward implementation milestones. Role and Responsibilities: Drive end-to-end WAF implementation for in-scope applications, websites, APIs, and internet-facing services, including intake, technical discovery, configuration, testing, validation, production cutover, and post-implementation review. Partner with application, infrastructure, network, cloud, DNS, vendor, and Information Security teams to plan and execute WAF onboarding activities. Gather and document key application and environment details, including URLs, domains, subdomains, origin IPs, ports, certificates, traffic patterns, hosting details, ownership, and business criticality. Support DNS and traffic routing activities such as CNAME updates, domain validation, routing changes, cutover planning, rollback planning, and post-change verification. Work with technical teams to understand application architecture, traffic flows, load balancers, CDNs, reverse proxy configurations, cloud hosting models, and related security dependencies. Assist in defining, implementing, testing, and tuning WAF policies, managed rules, custom rules, exclusions, allowlists, blocklists, rate limiting, bot controls, logging, alerting, and enforcement modes. Review WAF alerts, blocked requests, false positives, rule triggers, and traffic patterns during implementation and tuning to ensure effective protection with minimal business impact. Ensure WAF implementations consider application security risks such as OWASP Top 10, authentication flows, APIs, file uploads, business-critical transactions, and user experience impact. Track implementation progress, dependencies, risks, issues, blockers, and completion status across multiple applications or workstreams. Develop and maintain implementation plans, cutover checklists, testing evidence, deployment status, risk summaries, stakeholder updates, and operational documentation. Support change management activities, including change request preparation, deployment communications, rollback steps, implementation windows, and post-implementation validation. Identify and escalate risks such as DNS ownership gaps, certificate issues, incomplete documentation, unsupported traffic flows, application compatibility issues, unclear ownership, or insufficient testing. Provide clear implementation status, risk updates, recommendations, and next steps to management and key stakeholders. Contribute to process improvements, onboarding templates, implementation playbooks, checklists, and repeatable WAF deployment practices Good to Have Experience with WAF platforms, CDN, DDoS protection, bot management, API security, edge security platforms, or cloud-native application protection services such as Akamai, Cloudflare, F5, Imperva, AWS WAF, Azure Web Application Firewall, or Google Cloud Armor. Familiarity with Terraform, infrastructure-as-code, cloud-native deployment practices, TLS certificate management, WAF log analysis, rule tuning, exception handling, and security monitoring. Relevant certifications such as Security+, AWS Cloud Practitioner, AWS Security Specialty, Azure Fundamentals, Azure Security Engineer, CCSP, CCSK, CISSP, or similar certifications; experience in regulated industries such as financial services, banking, capital markets, healthcare, or insurance is a plus. We are dedicated to fostering a collaborative, engaging, and inclusive environment and are committed to providing a workplace that empowers associates to be authentic and bring their best to work. We believe that associates do their best when they feel safe, understood, and valued, and we work diligently and collaboratively to ensure Broadridge is a company—and ultimately a community—that recognizes and celebrates everyone’s unique perspective. Use of AI in Hiring As part of the recruiting process, Broadridge may use technology, including artificial intelligence (AI)-based tools, to help review and evaluate applications. These tools are used only to support our recruiters and hiring managers, and all employment decisions include human review to ensure fairness, accuracy, and compliance with applicable laws. Please note that honesty and transparency are critical to our hiring process. Any attempt to falsify, misrepresent, or disguise information in an application, resume, assessment, or interview will result in disqualification from consideration. Broadridge Financial Solutions (NYSE: BR) is a global technology leader with trusted expertise and transformative technology, helping clients and the financial services industry operate, innovate, and grow. We power investing, governance, and communications for our clients – driving operational resiliency, elevating business performance, and transforming investor experiences. Our technology and operations platforms process and generate over 7 billion communications annually and underpin the daily average trading of over $15 trillion in equities, fixed income, and other securities globally. A certified Great Place to Work®, Broadridge is part of the S&P 500® Index, employing over 15,000 associates in 21 countries. LinkedIn Facebook Instagram Twitter YouTube Glassdoor The Muse Broadridge is committed to creating an engaging workplace for the most talented associates in our industry. We are dedicated to fostering a collaborative, inclusive, and healthy environment that promotes flexibility and accountability. As a leading provider of technology, communications, and data and analytics solutions to businesses around the world, it is critical that we understand, embrace, and operate in a multicultural environment. Every associate has unique strengths, which, when fully appreciated and embraced, allow individuals to perform at their best, leading to our success. We believe that our associates are our most important asset. Encouraging professional development opportunities is a core part of our culture. Broadridge provides educational opportunities, including formal classes, training programs and events. To enable learning in our hybrid working model, Broadridge has redesigned all development programs for 100% virtual delivery. Our associates have access to 8,500+ online courses covering business, leadership, technical, and function-specific topics through our LinkedIn Learning program.