Job Description
Job Purpose
Information security tech team member (with skip-level reporting to the CISO) who is proficient in maintaining and managing WAF technology and in Information Security tool management & governance. The role requires an understanding of regulatory requirements, maintaining tool compliance, configuring tool policy, reviewing logs, and handling alerts/incidents, as well as driving Information Security projects and monitoring Key Risk Indicators (KRIs) for Information Security.
Duties and Responsibilities
A - Minimum required Accountabilities for this role
Application & Network Security Expertise:
Strong hands-on experience in Web Application Firewall (WAF) deployment, configuration, and management (e.g., Akamai, Cloudflare, F5 ASM / Imperva / FortiWeb).
Knowledge of Load Balancer (F5 LTM/GTM, Array / Radware ADC) technologies.
Knowledge of network security concepts (BOT protection, Zero Trust, DDoS protection, SSL/TLS, IDS/IPS).
Experience in secure network design (LAN/WAN segmentation, DMZ, VPN, NAC).
Cloud & Hybrid Security:
Exposure to public cloud security (AWS/Azure/GCP): Security Groups, NACLs, WAF, Cloud Firewalls.
Experience/knowledge in handling CSPM & CWP incidents.
Knowledge of container & microservices security (Kubernetes, Docker).
Security Monitoring & Automation:
Experience with SIEM tools (Sentinel / Splunk / QRadar) for threat detection.
Familiarity with automation tools (SOAR / Ansible / Terraform) for security policy management.
Incident Response & Compliance:
Handling security incidents related to WAF, DDoS, and firewall breaches.
Knowledge of compliance standards (PCI-DSS, OWASP Top 10, NIST).
Responsible for Incident, Problem, Change Management & Service Request.
Security agent / software compliance like AV/EDR, Vulnerability management tool, FIM, SIEM agent.
Strong knowledge of ITIL processes.
B - Additional Accountabilities pertaining to the role
Design, implement, and manage WAF policies to protect web applications from attacks (SQLi, XSS, OWASP Top 10 etc.).
Manage & maintain security tool policies like AV/EDR, Vulnerability management tool, FIM, SIEM agent.
Maintain compliance as per the organization's compliance policy.
Highlight risk & mitigation plan.
Conduct security assessments (vulnerability scans) for network & web apps.
Work with the SOC team to investigate security alerts and improve detection rules.
Document security policies, configurations, and incident reports.
Flexible to extend beyond work hours towards accomplishing assigned tasks.
Risk analysis and mitigation.
Interaction with OEM for highly critical technical support.
Responsible for Reports & Technical documentation.
Should be capable of guiding the team/individual on a requirement basis.
Communicate effectively with stakeholders & cross-functional teams.
Responsible for MIS Reports / Technical documents.
Vendor coordination.
Excellent spoken and written English communication.
Strong troubleshooting, analytical, and communication skills.
Good attitude towards corporate environment.
Team player & mentor to the team.
Energetic, self-motivated and self-sufficient in accomplishing tasks.
Good analytical and problem-solving skills.
Key Decisions / Dimensions
Identification of right contacts to channelise the issue/problem for closure.
Review the alert/incident, categorise it as True positive / False positive, and take the required steps.
Discuss observation response as applicable & improve security controls.
Decide if the policy and procedure documents need changes based on new regulations or audit outcomes.
Major Challenges
Handling of a fast-changing environment with a variety of cloud service providers
Handling of compliance expectations in stringent timelines
Handling multiple stakeholders at a time
Coordination with third party consultants who assist in auditing and compliance initiatives
Required Qualifications and Experience
a) Qualifications
Minimum 3+ years of experience in Web application monitoring (WAF)
Minimum 2+ years in Information / Cyber / application security.
b) Work Experience
Knowledge & hands-on experience in information security tool compliance & incident management (WAF, AV/EDR, Vulnerability management tool, FIM, SIEM agent)
Sound knowledge of IT infrastructure, Information Security concepts & tools, ISMS & BCMS frameworks, and regulatory guidelines related to IT and cyber for NBFCs
Experience in Project management.
Positive attitude, Hard Worker and team player
Excellent Communication and Leadership Skills
Certifications like CEH (Ethical Hacking), Azure/AWS Security, WAF/application penetration testing would be an added advantage