We are currently looking for a Cloud RTB WAF Engineer to join an existing team with one of our financial services clients.
The role will be working on a Programme deploying WAF solutions on domain/names related to covering internet-facing and the internal web applications.
This will involve using the Agile framework, working closely with Business Teams for Custom Rules and Exception handling, advise teams on False Positive analysis and Baseline policy updates. This role also requires maintaining communications / relationships with the Vendor teams when required as well as the Cloud Platform Leads. You will also be responsible for servicing existing and new requests for WAF, dealing with service issues and managing a number of requests at one time that will mean working closely with the Change Teams and other stakeholders to resolve any issues so that implementation can be as seamless as possible.
DevSecOps support for maintaining automation pipeline and delivery works, identifying additional automation use cases for RTB to better streamline processes.
They will form key relationships with senior stakeholders from the Business, Cloud Teams, Compliance and Cyber and will work closely with Project Managers; taking responsibility for early key risk identification, status reporting and escalation where required.
Skills Required
- Extensive experience with Web Application Security log analysis and that is derived from a Cyber SOC/CSIRT work background who is willing to up-skill into a WAF Engineering SME across CN WAF (AWS, Azure, GCP, Modsec) and Multi-Vendor WAF products (F5, Akamai etc.)
- Strong experience with multiple WAF solutions for edge, cloud, and on-premise
- Strong experience with cloud services and their WAF controls, ideally including one or more of the following: AWS, Azure, and GCP
- Strong understanding of Web Application security attack methods and mitigations
- Proficiency in WAF tuning and configuration, coupled with a strong foundation in web security principles and practices.
- Develop custom WAF rules and features, addressing gaps and enhancing overall security measures
- Capability to design and implement bespoke WAF processes and documentation, underpinned by a thorough understanding of web application security.
- Analytical skills to review and align platforms with MVP and Baseline Configurations, leveraging a deep knowledge of WAF functionalities and limitations.
- Providing DevSecOps pipeline maintenance support for the automation works
- Familiarity with IDAM protocols and access control measures for WAF management, informed by strong web security knowledge.
- Understanding of HTTPS inspection, including Termination and Certificate management, grounded in robust web security practices.
- Experience in rate limiting techniques and their integration into security configurations
- Experience of version control and update mechanisms for WAF solutions
- Competency in identifying and documenting platform and organizational logging options, with a focus on security implications and cloud environments.
- Experience interfacing with SOC during WAF related security incidents
- General connectivity / network issue management / service management experience
#LI-DNI