As one of the world's leading asset managers, Invesco is dedicated to helping investors worldwide achieve their financial objectives. By delivering the combined power of our distinctive investment management capabilities, we provide a wide range of investment strategies and vehicles to our clients around the world.
If you're looking for challenging work, smart colleagues, and a global employer with a social conscience, come explore your potential at Invesco. Make a difference every day!
Job Description
Key Responsibilities / Duties:
- Design, implement, and maintain a web application firewall solution for Invesco's web applications.
- Collaborate with the Application and Cyber Defense team to evaluate and mitigate potential threats to Invesco's web applications.
- Monitor the web application firewall for security events and take appropriate action to mitigate threats.
- Configure and maintain web application firewall rules and policies to ensure optimal protection.
- Handle exceptions to the WAF rules.
- Conduct thorough penetration tests on applications to identify vulnerabilities.
- Simulate real-world cyber-attacks to assess the effectiveness of security controls.
- Utilize a variety of security testing tools, both commercial and open source, to identify and exploit vulnerabilities.
- Perform regular vulnerability assessments using automated tools and manual testing methods.
- Stay current with emerging security threats and trends in penetration testing methodologies.
- Provide consulting services to stakeholders on remediation and mitigation strategies.
- Write reports based on testing output.
- Stay up to date with the latest web application security trends and techniques.
- Research industry trends and news sources for emerging threat patterns, attack techniques, and vulnerabilities.
- Other duties as assigned.
Work Experience / Knowledge:
- 5 plus years of relevant experience in information security
- Minimum 3 years of experience in designing, implementing, and maintaining web application firewall solutions.
- Minimum 3 years in penetration testing of Web Applications.
- The candidate should also have a solid understanding of API security, API and application standards, DevSecOps practices, and threat modeling.
- Strong understanding of web application security and common vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).
- Experience with web application firewall solutions such as AWS WAF, Cloudflare.
- Prior knowledge of penetration testing tools, scripting languages, software vulnerabilities, exploits and malware.
- Excellent analytical and problem-solving skills.
- Strong communication skills and ability to work well in a team environment.
- Relevant certifications such as Pentest+, Burp Suite Certified Practitioner exam, and AWS Cloud Practitioner are a plus.
- Prior experience in vulnerability management and application security
- Possess a solid understanding of enterprise-grade technologies including operating systems, databases, web applications, and applicable monitoring tools.
- Network infrastructure knowledge
- Security configuration knowledge
- Proficient operational understanding of how to ascertain, validate, and employ data from sources that are generally available to the public.
- Fluent in the techniques that hackers utilize to attack an organization, with an understanding of how to pull information from large data sets and how to structure information for reuse.
Skills / Other Personal Attributes Required:
- Experience of working in a high-volume and result-oriented operational environment
- Ability to communicate technical information assertively, verbally as well as in writing, clearly and concisely, commensurate with the audience.
- Maintain strict confidentiality of all security issues.
- Must be assertive, methodical and detail oriented.
- Must be intensely curious, innovative, and think beyond existing procedures.
- Must be able to build rapport quickly and positively influence outcomes.
- Must be a team player and self-starter.
- Ability to multi-task and work on more than one initiative at a time
- Flexible - able to meet changing requirements and priorities.
- Maintain current knowledge for all applicable technical areas.
Formal Education:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Why Invesco
What's in it for you?
Our benefit policy includes but is not limited to:
- Competitive Compensation
- Flexible, Hybrid Work
- 30 days Annual Leave + Public Holidays
- Life Insurance
- Retirement Planning
- Group Personal Accident Insurance
- Medical Insurance for Employee and Family
- Annual Health Check-up
- 26 weeks Maternity Leave
- Paternal Leave
- Adoption Leave
- Near site Childcare Facility
- Employee Assistance Program
- Study Support
- Employee Stock Purchase Plan
- ESG Commitments and Goals
- Business Resource Groups
- Career Development Programs
- Mentoring Programs
- Invesco Cares
- Dress for your Day