Web Application Firewall Engineer

Job Description

Summary:

The successful candidate for the Web Application Firewall Engineer role will support the deployment of modern Web Application Firewalls across Client’s ecosystem of products and services. You will develop SIEM alerts and playbooks specific to WAF events that will trigger and support incident response procedures. You will work with world-class staff and tools to identify, monitor, and address web-based attacks, while participating in a next-generation security organization. This senior position will drive security solutions relevant to Web Application Firewalls and SIEM use case development.

Responsibilities:

  • Partner with Product Security, SaaS Operations, and Engineering teams to evaluate, select, and implement WAF services at scale
  • Work with Engineering teams to coordinate WAF onboarding, explaining and coordinating any architectural or configuration changes required to support WAF deployment
  • Develop new SIEM content (Securonix Snypr) for Security Operations personnel including correlations, enrichments, dashboards, reports, and alerts that appropriately characterize the importance of WAF events
  • Document and develop tools and processes to assist SOC and SIRT personnel in incident response, log collection, and review
  • Alleviate time-consuming SOC analyst tasks and improve SOC processes through Security Orchestration, Automation and Response (SOAR)
  • Develop actionable information in the form of technical indicators, reports, lists, rules, signatures, or signals and warnings

Requirements:

  • 7-10+ years as a Security Engineer with strong Application Security experience
  • Extensive hands-on/configuration experience with Web Application Firewalls (Akamai, Imperva, Cloudflare, etc.)
  • Extensive experience with responding to WAF events and developing incident response plans
  • Experience configuring SIEM alerts based on WAF events and correlating them to backend server logs
  • Experience with modern web application frameworks, their security requirements, and layer 7 attack mitigations (OWASP/SANS)
  • Strong proficiency in AWS and other public cloud platforms
  • Strong scripting skills (Bash, Python, Ruby, Go, etc.)
  • Proficiency with security tools like WhiteSource, Checkmarx, Acunetix, Burp Suite Professional, and/or other application security tools
  • Working knowledge of REST API testing and related tools
  • Working knowledge of JSON, XML, HTTP headers and related REST API authentication / authorization approaches
  • Knowledge of Web Application delivery, CDNs/WAFs, forward and reverse proxies, etc.
  • Excellent written, verbal and presentation skills are essential and required
  • Must be able to work autonomously as well as in team environments, often in stressful, high-impact situations

Preferred Qualifications:

  • Experience with Securonix is highly desired
  • Knowledge of security triage and incident handling workflow
  • Familiarity with effective visualizations and dashboarding fundamentals
  • CISSP, SANS technology certifications and other security certifications are a plus

Reference Number: 5574