
WAF Engineer: Security SME

PH578275 • Dec 26, 2019

This role is critical to enhancing our Web Application Firewall (WAF) across multiple solutions and applications and will be pivotal in crafting, testing, and implementing advanced WAF solutions.

 

The role has a strong focus on developing robust security measures against web-based attacks, contributing significantly to the security posture of our organization and to achieving audits.

 

Key Responsibilities

 

·      Develop and refine complex custom WAF rules and features, ensuring mitigation of Minimum Viable Product (MVP) and security posture gaps.

·      Apply coding expertise to create effective testing mechanisms for baseline and custom WAF rules, integrating these tests seamlessly into automation pipelines.

·      Offer subject matter expert (SME) support in various security testing areas, including WAF Proofs of Concept (PoCs).

·      Provide specialized WAF-focused advice on web and API attack methodologies, evasions, and mitigation techniques, leveraging your ethical hacking background.

·      Contribute to DevSecOps / DevOps with security testing expertise to enhance the automation aspects of the project.

 

Key Accountabilities

 

·      Utilize ethical hacking skills to safeguard the organization from web-based attacks, ensuring the protection of operations, reputation, and customer trust.

·      Conduct in-depth technical evaluations of WAF solution rulesets, focusing on detection and prevention of web and API security threats.

·      Develop custom WAF rules and features, addressing gaps and enhancing overall security measures.

·      Identify and counter technical strategies that bypass WAF solutions.

·      Design and implement testing protocols to evaluate the effectiveness of various security initiatives, including WAF rules and new features.

·      Facilitate the integration of testing procedures into CI/CD pipelines.

·      Reverse-engineer attacker tactics to create effective mitigation rules.

·      Maintain and secure essential documentation and reports, ensuring traceability and compliance.

·      Inform the EPS Management team about emerging threats and vulnerabilities, recommending countermeasures.

·      Communicate effectively with a range of stakeholders, providing updates on security-related matters.

 

Ideal Candidate Profile

 

·      Strong background in ethical hacking.

·      Extensive experience with web-based attack methodologies, including knowledge of tools, payloads, exploits, and countermeasures.

·      Proficient in web application and API security.

·      Skilled in identifying and mitigating WAF/IPS/CSPM security vulnerabilities.

·      Expertise in developing custom WAF rules and security testing packages.

·      Solid understanding of OWASP Top 10 vulnerabilities.

·      Proficiency in at least one programming language.

·      Ability to automate security testing within CI/CD pipelines.

·      Knowledgeable in networking, cloud firewalls, and web technologies.

·      Strong grasp of DevSecOps principles and practices.

·      Awareness of Agile methodologies.


To apply, please send your resume and cover letter to recuritment@yesdee.co.uk
