WAF Security Engineer - Hyderabad, India - PURVIEW
Description
Role: WAF Security Engineer (SME)
Location: Any location in India (Hyd-pref)
Job Description :
Key Responsibilities
• Develop and refine complex custom WAF rules and features, ensuring mitigation of Minimum Viable Product (MVP) and security posture gaps.
• Coding expertise to create effective testing mechanisms for baseline and custom WAF rules, integrating these tests seamlessly into automation pipelines.
• Offer subject matter expert (SME) support in various security testing areas, including WAF Proofs of Concept (PoCs)
• Provide specialized WAF-focused advice on web and API attack methodologies, evasions, and mitigation techniques, leveraging your ethical hacking background.
• Contribute to DevSecOps / DevOps with security testing expertise to enhance the automation aspects of the project.
Key Accountabilities
• Utilize ethical hacking skills to safeguard the organization from web-based attacks, ensuring the protection of operations, reputation, and customer trust.
• Conduct in-depth technical evaluations of WAF solution rulesets, focusing on detection and prevention of web and API security threats.
• Develop custom WAF rules and features, addressing gaps and enhancing overall security measures.
• Identify and counter technical strategies that bypass WAF solutions.
• Design and implement testing protocols to evaluate the effectiveness of various security initiatives, including WAF rules and new features.
• Facilitate the integration of testing procedures into CI/CD pipelines
• Reverse-engineer attacker tactics to create effective mitigation rules.
• Maintain and secure essential documentation and reports, ensuring traceability and compliance.
• Inform the EPS Management team about emerging threats and vulnerabilities, recommending countermeasures.
• Communicate effectively with a range of stakeholders, providing updates on security-related matters
Ideal Candidate Profile
• Strong background in ethical hacking
• Extensive experience with web-based attack methodologies, including knowledge of tools, payloads, exploits, and countermeasures.
• Proficient in web application and API security.
• Skilled in identifying and mitigating WAF/IPS/CSPM security vulnerabilities.
• Expertise in developing custom WAF rules and security testing packages.
• Solid understanding of OWASP top 10 vulnerabilities.
• Proficiency in at least one programming language
• Ability to automate security testing within CI/CD pipelines.
• Knowledgeable in networking, cloud firewalls, and web technologies.
• Strong grasp of DevSecOps principles and practices.
• Awareness of Agile methodologies