Cybersecurity Engineer - Application Security

Company Overview

KLA is a global leader in diversified electronics for the semiconductor manufacturing ecosystem. Virtually every electronic device in the world is produced using our technologies. No laptop, smartphone, wearable device, voice-controlled gadget, flexible screen, VR device or smart car would have made it into your hands without us. KLA invents systems and solutions for the manufacturing of wafers and reticles, integrated circuits, packaging, printed circuit boards and flat panel displays. The innovative ideas and devices that are advancing humanity all begin with inspiration, research and development. KLA focuses more than average on innovation and we invest 15% of sales back into R&D. Our expert teams of physicists, engineers, data scientists and problem-solvers work together with the world’s leading technology providers to accelerate the delivery of tomorrow’s electronic devices. Life here is exciting and our teams thrive on tackling really hard problems. There is never a dull moment with us.

Job Description/Preferred Qualifications

The Cybersecurity group at KLA is involved in every aspect of the global business. The KLA Cybersecurity group defends against cyber-attacks and provides cybersecurity tools, incident response services and assessment capabilities to safeguard the environments that support the essential operations of KLA. We are passionate about identifying adversarial activities and anticipating a wide variety of threats to strengthen our defenses and the overall protection of KLA Intellectual Property.

We are seeking a Cybersecurity Engineer to serve as the hands-on subject matter expert for our enterprise endpoint detection platforms. This role is responsible for the configuration, tuning, lifecycle management, and continuous improvement of our EDR and EPM tooling from a cybersecurity perspective, ensuring the platform is optimally deployed, deeply integrated with our broader security stack, and proactively evolving to address emerging threats. You will partner closely with the SOC and IT Security teams to align detection capabilities with operational workflows, serving as the primary technical liaison.

Application & Web Security Platform Engineering

• Support the design, configuration, and ongoing optimization of application and web security platforms, including WAF, API security, DAST/SAST tooling, RASP, and application-layer monitoring solutions.

• Partner with application, DevOps, and platform teams to embed security controls into new and existing applications, ensuring security requirements are implemented pragmatically without disrupting delivery.

• Define and maintain application security baselines, configuration standards, and control requirements aligned with industry best practices and KLA security architecture.

• Ensure application and web security platforms integrate effectively with SIEM, SOAR, logging pipelines, and identity platforms to maximize security visibility and detection value.

• Support the rollout of new security capabilities through structured project implementation, including requirements gathering, testing, validation, and operational handover.

• Evaluate new tooling, features, and detection capabilities, leading proof-of-concept activities and supporting informed adoption decisions.

• Monitor agent health, fleet coverage, and version compliance; manage agent lifecycle including upgrades, rollouts, and rollback procedures.

Detection Engineering & Security Visibility

• Collaborate with SOC teams to develop, tune, and maintain application- and web-layer detections mapped to MITRE ATT&CK techniques and real-world attacker behaviors.

• Improve detection fidelity by analyzing false positives, coverage gaps, and noisy signals across application logs, web telemetry, and API activity.

• Ensure critical application security events are visible, actionable, and aligned with SOC workflows and incident response playbooks.

• Assist with threat hunting activities focused on application abuse, web exploitation, authentication bypass, and API misuse using log analytics and behavioral signals.

• Support post-incident root cause analysis by correlating application telemetry, security alerts, and infrastructure data to identify control gaps and improvement opportunities.

Project Implementation & Stakeholder Support

• Act as a cybersecurity engineering resource for application and platform projects, providing implementation guidance, security validation, and operational readiness support.

• Work closely with engineering and delivery teams to translate security requirements into actionable technical controls.

• Support security architecture initiatives by validating that implemented controls meet intended design and risk objectives.

• Provide technical input into security risk assessments, application onboarding, and exception handling processes.

• Produce and maintain technical documentation, including configuration standards, integration guides, and operational runbooks.

Troubleshooting & Interoperability

• Identify and resolve complex integration and interoperability issues between application security tooling, logging platforms, CI/CD pipelines, and identity systems.

• Support troubleshooting of detection gaps, data quality issues, and performance concerns impacting security visibility.

• Serve as a technical escalation point for application security tooling issues, coordinating with vendors and internal platform owners.

• Partner with IT, cloud, and application teams to ensure security tooling scales reliably across global environments.

PREFERRED QUALIFICATIONS

• Experience supporting or participating in application security assessments, red team, or purple team activities.

• Familiarity with OWASP Top 10, API Security Top 10, and common web exploitation techniques.

• Working knowledge of application logging, observability platforms, and security telemetry pipelines.

• Experience integrating security controls into CI/CD or modern application delivery workflows.

• Familiarity with security frameworks and standards (e.g., NIST, ISO 27001, CIS Controls) and their application to software systems.

• Experience in large enterprise or regulated environments.

• Relevant certifications such as GWAPT, GWEB, CSSLP, CompTIA or equivalent practical experience.

Minimum Qualifications

• Minimum five (5) years of hands-on experience in cybersecurity, with at least two (2) years focused on application, web, or cloud security engineering.

• Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.

• Demonstrated experience working with application or web security platforms (e.g., WAF, DAST/SAST, API security, security logging solutions).

• Solid understanding of application-layer attack techniques, threat actor TTPs, and the MITRE ATT&CK framework.

• Experience working closely with SOC, detection engineering, or incident response teams.

• Ability to analyse logs, security events, and telemetry to support detection development and incident investigations.

• Scripting or automation experience (e.g., Python, PowerShell, or similar) to support security operations and tooling integration.

• Familiarity with SIEM platforms and security analytics; experience with query languages such as KQL is a plus.

Base Pay Range: $90,400.00 - $153,700.00 Annually

Primary Location: USA-MI-Ann Arbor-KLA

KLA’s total rewards package for employees may also include participation in performance incentive programs and eligibility for additional benefits including but not limited to: medical, dental, vision, life, and other voluntary benefits, 401(K) including company matching, employee stock purchase program (ESPP), student debt assistance, tuition reimbursement program, development and career growth opportunities and programs, financial planning benefits, wellness benefits including an employee assistance program (EAP), paid time off and paid company holidays, and family care and bonding leave.

Interns are eligible for some of the benefits listed. Our pay ranges are determined by role, level, and location. The range displayed reflects the pay for this position in the primary location identified in this posting. Actual pay depends on several factors, including state minimum pay wage rates, location, job-related skills, experience, and relevant education level or training. We are committed to complying with all applicable federal and state minimum wage requirements where applicable. If applicable, your recruiter can share more about the specific pay range for your preferred location during the hiring process.

KLA is proud to be an Equal Opportunity Employer. We will ensure that qualified individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us at [email protected] or at +1-408-352-2808 to request accommodation.

Be aware of potentially fraudulent job postings or suspicious recruiting activity by persons that are currently posing as KLA employees.  KLA never asks for any financial compensation to be considered for an interview, to become an employee, or for equipment. Further, KLA does not work with any recruiters or third parties who charge such fees either directly or on behalf of KLA. Please ensure that you have searched KLA’s Careers website for legitimate job postings.  KLA follows a recruiting process that involves multiple interviews in person or on video conferencing with our hiring managers.  If you are concerned that a communication, an interview, an offer of employment, or that an employee is not legitimate, please send an email to [email protected] to confirm the person you are communicating with is an employee. We take your privacy very seriously and confidentially handle your information.