Job Description:
This role will play a critical role in enhancing our Web Application Firewall (WAF) across multiple solutions and applications and will be pivotal in crafting, testing, and implementing advanced WAF solutions. This role involves a strong focus on developing robust security measures against web-based attacks, contributing significantly to the security posture of our organization and achieving audits.
Key Responsibilities
. Develop and refine complex custom WAF rules and features, ensuring mitigation of Minimum Viable Product (MVP) and security posture gaps.
. Coding expertise to create effective testing mechanisms for baseline and custom WAF rules, integrating these tests seamlessly into automation pipelines.
. Offer subject matter expert (SME) support in various security testing areas, including WAF Proofs of Concept (PoCs)
. Provide specialized WAF-focused advice on web and API attack methodologies, evasions, and mitigation techniques, leveraging your ethical hacking background.
. Contribute to DevSecOps/DevOps with security testing expertise to enhance the automation aspects of the project.
Key Accountabilities
. Utilize ethical hacking skills to safeguard the organization from web-based attacks, ensuring the protection of operations, reputation, and customer trust.
. Conduct in-depth technical evaluations of WAF solution rulesets, focusing on detection and prevention of web and API security threats.
. Develop custom WAF rules and features, addressing gaps and enhancing overall security measures.
. Identify and counter technical strategies that bypass WAF solutions.
. Design and implement testing protocols to evaluate the effectiveness of various security initiatives, including WAF rules and new features.
. Facilitate the integration of testing procedures into CI/CD pipelines
. Reverse-engineer attacker tactics to create effective mitigation rules.
. Maintain and secure essential documentation and reports, ensuring traceability and compliance.
. Inform the EPS Management team about emerging threats and vulnerabilities, recommending countermeasures.
. Communicate effectively with a range of stakeholders, providing updates on security-related matters
Ideal Candidate Profile
. Strong background in ethical hacking
. Extensive experience with web-based attack methodologies, including knowledge of tools, payloads, exploits, and countermeasures.
. Proficient in web application and API security.
. Skilled in identifying and mitigating WAF/IPS/CSPM security vulnerabilities.
. Expertise in developing custom WAF rules and security testing packages.
. Solid understanding of OWASP top 10 vulnerabilities.
. Proficiency in at least one programming language
. Ability to automate security testing within CI/CD pipelines.
. Knowledgeable in networking, cloud Firewalls, and web technologies.
. Strong grasp of DevSecOps principles and practices.
. Awareness of Agile methodologies