Job Purpose
Information security tech team member (with skip level reporting to CISO) who is proficient in maintaining & managing WAF technology, Information Security tool management & governance. Understanding of regulatory requirements, maintaining the tool compliance, configuring the tool policy, logs review & alert/incident handling. Driving information Security projects & Monitoring Key Risk Indicators (KRIs) for Information Security.
Duties and Responsibilities
A- Minimum required Accountabilities for this role
Application & Network Security Expertise:
Strong hands-on experience in Web Application Firewall (WAF) deployment, configuration, and management (e.g., Akamai, Cloudflare, F5 ASM / Imperva / FortiWeb).
Knowledge of Load Balancer (F5 LTM/GTM, Array / Radware ADC) technologies.
Knowledge of network security concepts (BOT protection, Zero Trust, DDoS protection, SSL/TLS, IDS/IPS).
Experience in secure network design (LAN/WAN segmentation, DMZ, VPN, NAC).
Cloud & Hybrid Security:
Exposure to public cloud security (AWS/Azure/GCP) Security Groups, NACLs, WAF, Cloud Firewalls.
Experience/knowledge in handling of CSPM & CWP incident
Knowledge of container & microservices security (Kubernetes, Docker).
Security Monitoring & Automation:
Experience with SIEM tools (Sentinel / Splunk / QRadar ) for threat detection.
Familiarity with automation tools ( SOAR / Ansible / Terraform) for security policy management.
Incident Response & Compliance:
Handling security incidents related to WAF, DDoS, and firewall breaches.
Knowledge of compliance standards (PCI-DSS, OWASP Top 10, NIST). Responsible for Incident, Problem, Change Management & Service Request.
Security agent / software compliance like AV/EDR, Vulnerability management tool, FIM, SIEM agent.
Knowledge of strong in ITIL Process.
B- Additional Accountabilities pertaining to the role
Design, implement, and manage WAF policies to protect web applications from attacks (SQLi, XSS, OWAPS top 10 etc.).
Manage & maintain security tool policies like like AV/EDR, Vulnerability management tool, FIM, SIEM agent.
Maintain compliance as per organization compliance policy
Highlight risk & mitigation plan
Conduct security assessments (vulnerability scans) for network & web apps.
Work with SOC team to investigate security alerts and improve detection rules.
Document security policies, configurations, and incident reports.
Flexible to extend beyond work hours towards accomplishing assigned tasks.
Risk analysis and mitigation
Interaction with OEM for Highly Critical technical support.
Responsible for Reports & Technical documentation.
Should be capable to guide the team/individual on requirement basis.
Communicate effectively with stakeholders & cross function teams
Responsible for MIS Reports/ Technical documents
Vendor Co ordination
Excellent spoken and written English Communication.
Strong troubleshooting, analytical, and communication skills
Good attitude towards corporate environment.
Team player & Mentor to the team.
Energetic, self-motivated and self-sufficient in accomplishing tasks.
Good analytical and problem solving skills.
Key Decisions / Dimensions
Identification of right contacts to channelise the issue/problem for closure.
Review the alert/incident and categorised True positive / False positive and take require steps.
Discuss observation response as applicable & improve security controls.
Decide if the policy and procedure documents need changes based on new regulations or audit outcomes.
Required Qualifications and Experience
a) Qualifications
Minimum 3+ years of experience in Web application monitoring (WAF)
Minimum 2+ years in Information / Cyber / application security.
b) Work Experience
Knowledge & hands-on experience in information security tool compliance & incident management (WAF, AV/EDR, Vulnerability management tool, FIM, SIEM agent)
Sound knowledge on IT infrastructure, Information Security concept & tools, ISMS & BCMS frameworks, regulatory guidelines related to IT and cyber for NBFCs
Experience in Project management.
Positive attitude, Hard Worker and team player
Excellent Communication and Leadership Skills
Certifications like CEH (Ethical Hacking), Azure/AWS Security, WAF/application penetration testing would be an added advantage
