Careers

by PH578275 24 Mar, 2024
The WAF SME Engineer role calls for a skilled professional who can blend in-depth technical and security expertise with adept organisational skills to oversee and execute a range of critical tasks. This role will suit a candidate who is not only technically proficient but also enjoys learning new technologies in a fast-paced environment, as well as driving continuous improvement and security excellence within these areas:

Key Accountabilities & Responsibilities

· Ownership of all technical aspects and tasks essential for passing WAF audits, ensuring they are compliant and included in DevOps Automation processes, including aspects such as management plan access control, traffic visibility, application of mitigative OWASP Top 10 based rules and features, versioning strategies for each WAF solution, etc.
· Contribute security and technical knowledge alongside project management skills to assist with WAF exception tuning work and help address backlogs, in addition to assisting with the WAF Tuning Training Programme and, if needed, solution design, across various vendor solutions
· Contribute security and technical knowledge alongside organisational skills to assist Cyber teams with effective WAF SIEM Use Cases
· Contribute to security automation efforts such as solution-specific dashboards to build an overall picture per solution of WAF performance, security effectiveness and incorporation of audit compliance metrics
· Provide SME assistance on the latest DevSecOps techniques to secure pipelines and cloud/native Dev and Test environments utilized by the project

Key Experience – Ideal Candidate Profile:

· Strong technical and organisational skills, ideally with some Project Management experience
· Strong experience with multiple WAF solutions for edge, cloud, and on-premise
· Strong experience with cloud and cloud native services
· Strong understanding of Web Application security attack methods and mitigations
· Experience in WAF tuning and configuration, coupled with a strong foundation in web security principles and practices.
· Experience with enterprise scale WAF deployments and audits, and with the discovery and provisioning of audit success prerequisites such as access control, versioning, certificates, rate limiting, SIEM connectors, rule sets and features
· Skills in interfacing with SIEM Teams/SOC for WAF Use Case Development
· Experience in conducting educational sessions or training, with an emphasis on WAF tuning
· Capability to design and implement bespoke WAF processes and documentation, underpinned by a thorough understanding of web application security.
· Analytical skills to review and align platforms with MVP and Baseline Configurations, leveraging a deep knowledge of WAF functionalities and limitations.
· Familiarity with IDAM protocols and access control measures for WAF management, informed by strong web security knowledge.
· Understanding of HTTPS inspection, including Termination and Certificate management, grounded in robust web security practices.
· Experience in rate limiting techniques and their integration into security configurations
· Experience of version control and update mechanisms for WAF solutions
· Competency in identifying and documenting platform and organizational logging options, with a focus on security implications and cloud environments.

by PH578275 24 Mar, 2024
We are looking for an experienced Infrastructure analyst with WAF knowledge who has expertise in web application security, content distribution and other IT infrastructure services. We expect the candidate to have practical experience in managing and administrating Enterprise/Web applications and CDN.

Key Responsibilities

· Resolve technical issues and put together and maintain the WAF TOM and Capability model.
· Be the point of contact for Bank’s contracts for WAF implementation and resolve all technical issues individually or with the support of CDN/WAF customer care or professional services.
· Direct and ensure the successful outcome of projects – coordinate with vendor technical project team and CDN/WAF solution engineer
· Coordinate various teams in the planning, execution, implementation and successful conclusion of WAF related activities in the project.
· Work closely with stakeholders by setting expectations, managing scope and risk, communicating status to senior management and ensuring the project meets designed business outcomes and objectives.
· Own the technical components of an integration project including configuration changes, debugging, documentation, testing, and go live support
· Coordinate with WAF vendor customer care to resolve issues that arise during integrations or post implementation support.
· Accurately scope implementation timelines for integrations
· Identify technical risks and provide mitigation strategies
· Review configurations with WAF vendor professional services team members to ensure quality and accuracy to requirements
· Ability to work closely with stakeholders and service owners to ensure effective coordination of changes as per the organization's change management principles.
· Collaborate with project and technical teams to ensure changes are implemented in a timely, effective and efficient manner to meet project deadlines
· Coordination of Release management & ITSOs

Ideal Candidate Profile

· Exposure to version control systems, build and deployment tools
· Knowledge in AWAF or WAF solutions is beneficial
· Strong understanding of agile methodologies
· Understanding of Software quality management, quality control management and version control management
· Excellent verbal and written communication skills, with proven ability to disseminate information in a clear and correct manner to business and technical audiences
· Strong relationship building skills, with the ability to positively influence the actions of others, working as a team player
· Ability to manage multiple priorities, commitments and projects.
· Minimum 8+ years of experience (in relevant technical skills mentioned above)
· Candidate will be required to work over weekends occasionally.

by PH578275 26 Dec, 2019
This role is critical to enhancing our Web Application Firewall (WAF) across multiple solutions and applications and will be pivotal in crafting, testing, and implementing advanced WAF solutions. This role involves a strong focus on developing robust security measures against web-based attacks, contributing significantly to the security posture of our organization and achieving audits.

Key Responsibilities

· Develop and refine complex custom WAF rules and features, ensuring mitigation of Minimum Viable Product (MVP) and security posture gaps.
· Coding expertise to create effective testing mechanisms for baseline and custom WAF rules, integrating these tests seamlessly into automation pipelines.
· Offer subject matter expert (SME) support in various security testing areas, including WAF Proofs of Concept (PoCs)
· Provide specialized WAF-focused advice on web and API attack methodologies, evasions, and mitigation techniques, leveraging your ethical hacking background.
· Contribute to DevSecOps / DevOps with security testing expertise to enhance the automation aspects of the project.

Key Accountabilities

· Utilize ethical hacking skills to safeguard the organization from web-based attacks, ensuring the protection of operations, reputation, and customer trust.
· Conduct in-depth technical evaluations of WAF solution rulesets, focusing on detection and prevention of web and API security threats.
· Develop custom WAF rules and features, addressing gaps and enhancing overall security measures.
· Identify and counter technical strategies that bypass WAF solutions.
· Design and implement testing protocols to evaluate the effectiveness of various security initiatives, including WAF rules and new features.
· Facilitate the integration of testing procedures into CI/CD pipelines
· Reverse-engineer attacker tactics to create effective mitigation rules.
· Maintain and secure essential documentation and reports, ensuring traceability and compliance.
· Inform the EPS Management team about emerging threats and vulnerabilities, recommending countermeasures.
· Communicate effectively with a range of stakeholders, providing updates on security-related matters

Ideal Candidate Profile

· Strong background in ethical hacking
· Extensive experience with web-based attack methodologies, including knowledge of tools, payloads, exploits, and countermeasures.
· Proficient in web application and API security.
· Skilled in identifying and mitigating WAF/IPS/CSPM security vulnerabilities.
· Expertise in developing custom WAF rules and security testing packages.
· Solid understanding of OWASP Top 10 vulnerabilities.
· Proficiency in at least one programming language
· Ability to automate security testing within CI/CD pipelines.
· Knowledgeable in networking, cloud firewalls, and web technologies.
· Strong grasp of DevSecOps principles and practices.
· Awareness of Agile methodologies