Job
Description
P1 C3 TSTS The Web Application Security team is responsible for deploying and maintaining the Firm's internet facing web application security controls. The technology and solution stack spans all internet facing web applications of the Institutional Security and Wealth Management Businesses. It consists of home-grown software, 3rd party software, open source products, appliances, and auxiliary services and solutions. We are looking for a fungible, enthusiastic analyst/technologist with excellent analytical, organizational and communication skills to expand our Web Application Firewall (WAF), Bot Management, CVA protection and API Security Controls team. The successful candidate will help to ensure that perimeter security for web properties keeps pace with the changing threat landscape firmwide. This is an ideal role for someone looking to broaden their application security knowledge in a complex, mission critical, security focused enterprise environment. Work with and guide global tech functions to onboard internet facing web apps to WAF Review logs, implement tuning, web blocking etc. for onboarded applications Mapping of IP addresses FQDNs to services and applications (BA) Liaising with service owners and or associated teams to gather relevant application data for WAF migration purposes (BA) Analyzing web behavior and performance to establish acceptable application thresholds SME Performing policy tuning in accordance with performance baseline SME Transitioning WAF from transparent to enforcement mode SME Data cleansing and validation Participate in proof of concepts for new security capabilities Change management: Prepare, document, implement and verify changes including communicate changes to end-users and other impacted parties Incident, Problem management: Conduct Root Cause Analysis RCA, respond to incidents and participate in postmortem analysis Participate in on-call rotation Strong analytical and problem solving skills, detail oriented, and well organized Ability to cultivate strong relationships with application owners, demonstrated written and verbal communication skills Web Network Security, with a focus on Web Application Firewalls/Controls, and their role in layered Defense in Depth Experience with Akamai or equivalent platform(s): Radware, Imperva, Shape Security, CloudFlare, etc Experience with onboarding web services into WAF Akamai, Shape, etc platforms and the lifecycle of monitor to mitigation modes Periodically assist with vulnerabilities discovered via these platforms Work with relevant teams to implement best web security practices and assist with enhancing the Firm's security posture. Strong collaboration skills across multiple teams will be required Understanding of ITIL processes Qualification The Web Application Security team is responsible for deploying and maintaining the Firm's internet facing web application security controls. The technology and solution stack spans all internet facing web applications of the Institutional Security and Wealth Management Businesses. It consists of home-grown software, 3rd party software, open source products, appliances, and auxiliary services and solutions. We are looking for a fungible, enthusiastic analyst/technologist with excellent analytical, organizational and communication skills to expand our Web Application Firewall (WAF), Bot Management, CVA protection and API Security Controls team. The successful candidate will help to ensure that perimeter security for web properties keeps pace with the changing threat landscape firmwide. This is an ideal role for someone looking to broaden their application security knowledge in a complex, mission critical, security focused enterprise environment. Work with and guide global tech functions to onboard internet facing web apps to WAF Review logs, implement tuning, web blocking etc. for onboarded applications Mapping of IP addresses FQDNs to services and applications (BA) Liaising with service owners and or associated teams to gather relevant application data for WAF migration purposes (BA) Analyzing web behavior and performance to establish acceptable application thresholds SME Performing policy tuning in accordance with performance baseline SME Transitioning WAF from transparent to enforcement mode SME Data cleansing and validation Participate in proof of concepts for new security capabilities Change management: Prepare, document, implement and verify changes including communicate changes to end-users and other impacted parties Incident, Problem management: Conduct Root Cause Analysis RCA, respond to incidents and participate in postmortem analysis Participate in on-call rotation Strong analytical and problem solving skills, detail oriented, and well organized Ability to cultivate strong relationships with application owners, demonstrated written and verbal communication skills Web Network Security, with a focus on Web Application Firewalls/Controls, and their role in layered Defense in Depth Experience with Akamai or equivalent platform(s): Radware, Imperva, Shape Security, CloudFlare, etc Experience with onboarding web services into WAF Akamai, Shape, etc platforms and the lifecycle of monitor to mitigation modes Periodically assist with vulnerabilities discovered via these platforms Work with relevant teams to implement best web security practices and assist with enhancing the Firm's security posture. Strong collaboration skills across multiple teams will be required Understanding of ITIL processes
