-
Job Description
Position: WAF(Web Application Firewall) Engineer / SME
Location: United Kingdom
Experience: 5 Years
Notice Period: Immediate / 30 Days
If the below job description is relevant kindly share your updated profile to syed.raja@3i-infotech.com with below required information to proceed further.
Total Experience:
Relevant Experience WAF (Web Application Firewall):
CTC
ECTC
Current Location:
Preferred Location:
NP:
Key Experience – Ideal Candidate Profile:
- Strong technical and organizational skills, ideally with some Project Management experience
- Strong experience with multiple WAF solutions for edge, cloud, and on-premise
- Strong experience with cloud and cloud-native services
- Strong understanding of Web Application security attack methods and mitigations
- Experience in WAF tuning and configuration, coupled with a strong foundation in web security principles and practices.
- Experience with enterprise-scale WAF deployments and audits and the discovery and provisioning of audit success prerequisites such as access control, versioning, certificates, rate limiting, SIEM connectors, rule sets and features.
- Skills in interfacing with SIEM Teams/SOC for WAF Use Case Development
- Experience in conducting educational sessions or training, with an emphasis on WAF tuning.
- Capability to design and implement bespoke WAF processes and documentation underpinned by a thorough understanding of web application security.
- Analytical skills to review and align platforms with MVP and Baseline Configurations, leveraging a deep knowledge of WAF functionalities and limitations.
- Familiarity with IDAM protocols and access control measures for WAF management, informed by strong web security knowledge.
- Understanding of HTTPS inspection, including Termination and Certificate management, grounded in robust web security practices.
- Experience in rate-limiting techniques and their integration into security configurations.
- Experience of version control and update mechanisms for WAF solutions
- Competency in identifying and documenting platform and organizational logging options, with a focus on security implications and cloud environments.
Key Accountabilities & Responsibilities
- Ownership of all technical aspects tasks essential for passing WAF audits ensuring they are compliant and included in DevOps Automation processes, including aspects such as management plan access control, traffic visibility, application of mitigative OWASP Top 10 based rules and features, versioning strategies for each WAF solution, etc.
- Contribute security and technical knowledge alongside project management skills to assist with WAF exception tuning works and help address backlogs, in addition to assisting with the WAF Tuning Training Programme and if needed, solution design, across various vendor solutions.
- Contribute security and technical knowledge alongside organisational skills to assist Cyber teams with effective WAF SIEM Use Cases
- Contribute to security automation efforts such as solution-specific dashboards to build an overall picture per solution on WAF performance, security effectiveness and incorporation of audit compliance metrics.
- Provide SME assistance on the latest DevSecOps techniques to secure pipelines and cloud/native Dev and Test environments utilised by the project.
Regards,
Syed
Executive Talent Acquisition – Middle East