WAF Security Engineer - Hyderabad, India - PURVIEW

    Description

    Role: WAF Security Engineer (SME)

    Location: Any location in India (Hyderabad preferred)

    Job Description:

    Key Responsibilities


    • Develop and refine complex custom WAF rules and features, ensuring mitigation of Minimum Viable Product (MVP) and security posture gaps.


    • Apply coding expertise to create effective testing mechanisms for baseline and custom WAF rules, integrating these tests seamlessly into automation pipelines.


    • Offer subject matter expert (SME) support in various security testing areas, including WAF Proofs of Concept (PoCs).


    • Provide specialized WAF-focused advice on web and API attack methodologies, evasions, and mitigation techniques, leveraging your ethical hacking background.


    • Contribute to DevSecOps / DevOps with security testing expertise to enhance the automation aspects of the project.

    Key Accountabilities


    • Utilize ethical hacking skills to safeguard the organization from web-based attacks, ensuring the protection of operations, reputation, and customer trust.


    • Conduct in-depth technical evaluations of WAF solution rulesets, focusing on detection and prevention of web and API security threats.


    • Develop custom WAF rules and features, addressing gaps and enhancing overall security measures.


    • Identify and counter technical strategies that bypass WAF solutions.


    • Design and implement testing protocols to evaluate the effectiveness of various security initiatives, including WAF rules and new features.


    • Facilitate the integration of testing procedures into CI/CD pipelines.


    • Reverse-engineer attacker tactics to create effective mitigation rules.


    • Maintain and secure essential documentation and reports, ensuring traceability and compliance.


    • Inform the EPS Management team about emerging threats and vulnerabilities, recommending countermeasures.


    • Communicate effectively with a range of stakeholders, providing updates on security-related matters.

    Ideal Candidate Profile


    • Strong background in ethical hacking.


    • Extensive experience with web-based attack methodologies, including knowledge of tools, payloads, exploits, and countermeasures.


    • Proficient in web application and API security.


    • Skilled in identifying and mitigating WAF/IPS/CSPM security vulnerabilities.


    • Expertise in developing custom WAF rules and security testing packages.


    • Solid understanding of OWASP Top 10 vulnerabilities.


    • Proficiency in at least one programming language.


    • Ability to automate security testing within CI/CD pipelines.


    • Knowledgeable in networking, cloud firewalls, and web technologies.


    • Strong grasp of DevSecOps principles and practices.


    • Awareness of Agile methodologies.