Job Description

Description:

As a WAF Engineer you will be responsible for using your technical knowledge of professional concepts to solve business problems. We are looking for a talented individual that can serve as a subject matter expert in their area of focus and represent their department on complex assignments. You will be responsible for evaluating elements of technology’s effectiveness through requirements gathering, testing, research and investigation and make recommendations for improvements that result in increased quality and effectiveness. You will be required to listen to and evaluate customer needs to determine and provide high quality solutions that align with customer expectations.

The Network Security team within the Network Engineering organization designs and supports our Web Application Firewall (WAF) technologies. Being part of this team, you’ll have the opportunity to design and develop security solutions that meet our business objectives. You’ll have the opportunity to grow your technical skills as you work with different areas within IT to meet future business demands. As your knowledge and ability to work across the environment increase, you’ll have opportunities for increased responsibility and career progression through a variety of network security, engineering, and architect roles.

This role requires the ability to perform application security analysis on solutions end-to-end, including identifying gaps, recommending, and implementing configuration changes and the ability to create custom threat signatures. The candidate will also ensure existing infrastructure and configuration standards are adhered to when delivering projects. Must have a strong understanding of DNS, networking, analysis, system administration, and common application frameworks. In addition, the candidate should have an in-depth understanding of cryptography, application, and network security domains. The candidate should also possess effective communication skills and be comfortable interacting with multiple teams at all levels.

Required:

• Must be committed to incorporating security into all decisions and daily job responsibilities.

• 3 years of related professional experience

• Ability to model API request using tool such as Postman.

• Understanding of API and web application attack vectors

• Ability to interpret the different components of web requests and responses.

• Demonstrated experience writing and reviewing business, user, and non-functional/system level requirements.

• Strong knowledge of system architecture and network applications.

• Familiarity with OWASP & API OWASP Top 10.

• Experience in information security or a related field.

• Ability to investigate security breaches and other cybersecurity incident.

• Monitor email and ticketing systems for security-related issues and follow through until resolution.

• Monitor events and triage alerts across various security platforms.

• Ability to manage conflicting priorities effectively.

• Proven ability to meet tight deadlines.

• Provide On-Call/afterhours support in a rotating On-Call schedule.

• 1+ years of experience using a SIEM (preferably Splunk)

• 1+ years hands-on experience with administration of Web Application Firewall (WAF/WAAP) technologies.

• 1+ years working with SSL certificates.

• In depth understanding of DNS

• Strong communication and conceptual skills with desire to share knowledge and cross-train.

• Comfortable communicating and collaborating with stakeholders, developers, and architects during facilitated sessions.

Preferred:

• Bachelor’s degree in computer science, Computer Information Systems, Cybersecurity, or related field preferred

• Experience with Akamai or Imperva WAF/WAAP solutions.

• Understanding of scripting and content creation. (e.g., Splunk dashboards, threat signature creation, Python scripts, Powershell scripts.)

• Experience with automation tools such as Ansible and Terraform

• Managing cloud security operations, including identity & access control, secure configuration management, network security, Infrastructure as Code, data security, and logging.

• 1+ year experience securing cloud applications (AWS/AZURE).

• Understanding of Version control and ability to work in Git.

• Ability to do Packet Captures (PCAPs) and interpret results.

• Experience with CSP (client-side protection) platforms.