Job
Description
Job Responsibilities : - WAF Implementation & Management: Install, configure, and maintain Web Application Firewalls (WAF) to protect web applications and APIs from common vulnerabilities and attacks (e.g., OWASP Top 10). Implement and update security rules, policies, and configurations within WAF tools (e.g., AWS WAF, Azure WAF, or third-party solutions like F5, Imperva, or Cloudflare). Collaborate with application development and infrastructure teams to ensure seamless WAF deployment across multiple environments (production, staging, etc.). Threat Detection & Mitigation: Continuously monitor traffic patterns, analyze logs, and identify potential security threats and performance issues. Perform regular vulnerability assessments and penetration testing on web applications to identify gaps in security coverage. Investigate and respond to security incidents involving web application attacks (SQL injection, XSS, DDoS, etc.). Optimization & Tuning: Optimize WAF configurations to minimize false positives and negatives, ensuring minimal impact on legitimate traffic. Fine-tune policies to handle evolving attack techniques and enhance application security. Incident Response & Troubleshooting: Collaborate with the incident response team to mitigate security incidents in real time. Troubleshoot and resolve complex WAF-related issues, working closely with network and application teams. Documentation & Reporting: Document WAF configurations, policies, and incident response activities for compliance and audit purposes. Generate regular security reports, providing insights into traffic patterns, security events, and recommendations for improvement. Continuous Improvement & Research: Stay up to date with the latest trends in web application security, WAF technology, and emerging threats. Participate in the evaluation and recommendation of new security tools and technologies to strengthen the overall security posture. Skills and Qualifications: Bachelors degree in computer science, Information Security, or a related field (or equivalent work experience). Technical Skills: In-depth experience with Web Application Firewalls (WAF) such as AWS WAF, Azure WAF, Imperva, F5, Cloudflare, or similar technologies. Strong knowledge of network security protocols (SSL/TLS, HTTP/HTTPS, DNS, etc.) and web application vulnerabilities (SQL injection, cross-site scripting, cross-site request forgery, etc.). Familiarity with security information and event management (SIEM) systems, log analysis, and incident detection tools. Hands-on experience in network traffic analysis and security monitoring tools (e.g., Wireshark, tcpdump, etc.). Experience with firewall rule creation, DDoS mitigation, and rate limiting within a WAF environment. Certifications (preferred but not required): Certified Information Systems Security Professional (CISSP). Certified Ethical Hacker (CEH). AWS Certified Security Specialty or similar cloud security certifications. CompTIA Security+ or equivalent certifications.
