Job
Description
Job Description: Web Application Security Roles & Responsibilities - Management of Licensing, Backup and Restoration, Automation wherever its feasible Compliance of Baseline and Vulnerability Assessment Periodic Review and update of existing policy, process, documentations, configuration etc… Configuration and maintaining WAF devices to protect against common web vulnerabilities. Monitoring WAF logs and alerts to identify and respond to potential security incidents. Provide ongoing support to existing monitoring capabilities and data collection systems Create WAF rules/signatures to mitigate threats and implements. Create the policy for the new on boarding applications. Create advanced alerts/reports to meet the requirements of key stakeholders. Uploading new ASM signature Proactively implemented corrective actions to mitigate risks. Share the blocked request details. Based on application team request, finetuning WAF policies, applying signatures Participate in all the drill activity and check the traffic and ensure the status. Worked on the onboarding of new sites stage, prod instances behind WAF. WAF rule finetuning based on OWASP, new rule addition/deletion for suppressing false positives, coordinating with various teams to fix any security flaw which could not be fixed in application. CDN fine tuning for better performance, multiple origin configuration, redirects, rewrites, cert issue. Conducted periodic risk assessments and security audits, identifying potential gaps and vulnerabilities, and proactively implemented corrective actions to mitigate risks. Participate in PoC for new technology for evaluation. Participate in End-to-End Role out the new technology/solution/product and take appropriate handover from Project team for operations. Preparation of documents: SOPs, Architecture Diagram, Inventory & Asset Management, IAM, Configuration and Policy DOC, Incident Management and others Configuration and Review of Role Bases Access Controls Compliance of all Internal and External Audit observations Mandatory technology skills - NGINX WAF, F5 WAF, NSX WAF, Akamai WAF, Micro segmentation Show more Show less
