Maintain enterprise best practice configuration guidelines for WAF usage across TR
Develop and maintain baseline WAF security rulesets based on vendor and TR best practices
Support application team WAF onboarding with rule deployments, log enrichment and analysis, and rule recommendations based on that analysis
Consult with Cyber Defense (SOC, CIRT, Threat Detection) stakeholders to assist with operationalizing WAF alerting to the SOC, supporting runbook development
Effectively communicate technical concepts to business lines and stakeholders
Collaborate with other security and network engineers to support other network security related projects such as network IDS/IPS, network DLP, and SSL inspection
Collaborate with ISRM stakeholders such as security architecture, product security, incident response, and threat detection to ensure services are meeting stakeholder expectations
Consult with application teams to support the development of rate limiting and bot management rules
About you:
Bachelor's degree preferred and/or 7+ years of relevant professional Network Security / Network Engineering experience
Minimum of 5 years in network security with a strong focus on application layer security, with at least 2 years of working experience with WAF solutions
Solid understanding of OWASP Top 10 and experience testing the most common injection vulnerabilities: Cross-site Scripting (XSS), XML External Entities (XXE), SQL Injection (SQLi), OS Command Injection.
Understanding of Denial of Service (DoS) and Distributed DoS attacks at the Network, Transport and Application layer.
Strong scripting and automation skills using languages such as Python and, additionally, PowerShell
Proven experience maintaining enterprise WAF capabilities with providers such as Cloudflare or ModSecurity, or cloud native WAF services such as AWS WAF
In-depth knowledge of security principles, protocols, and best practices.
Proficient in analyzing large datasets using tools like Splunk, Datadog, or other SIEM/logging technologies
Experience with cloud platforms such as AWS, Azure, Google Cloud, and/or OCI.
Ability to work independently while driving projects to conclusion
Preferred Qualifications
Experience testing less common injection vulnerabilities: Server-side Request Forgery (SSRF), Server Side Template Injection (SSTI), Insecure Deserialization, LDAP Injection, NoSQL Injection, Expression Language Injection.
Experience with configuration management through git based source control
Experience with Infrastructure as Code (IaC) such as Terraform, CloudFormation, ARM or Bicep.
Experience with other network security technologies such as IDS/IPS, NextGen Firewalls, network DLP, and SSL inspection capabilities.
Understanding of network transport protocols and services (TCP/IP, syslog, DNS, VLANs, VRF, SFTP, SSH, PKI, etc.)
Unix/Linux knowledge; able to operate in a Linux environment