Search for More Jobs
Forward job to a friend
Apply without Registering
Apply by creating/using an account
Location: Nashville, TN
Demand id: 630262
Salary: Max $110K
[Key Responsibilities include:
· Create, deploy, maintain and troubleshoot F5 ASM policies for new and existing web applications
· Configure and manage WAF configuration for Imperva cloud WAF.
· Review vulnerabilities that impact web applications and develop WAF "Virtual Patching” solutions
· Monitor and analyse activity logs to detect malicious internet traffic and indicators of compromise as well as to reduce false positive blocks
· Review WAF usage and define means to improve and mature protection policies
· Understand web applications at a sufficient level to work with developers to implement protective controls that may need to be customized for specific applications
· Interpret web protocol information to determine source, intent, and risk of threat agents
· Provide preventative maintenance, troubleshooting and quickly resolve problems to ensure infrastructure and application stability
· Participate in technical design activities to ensure a sound design and any infrastructure impact is understood
· Create and maintain technical documentaiton regarding the WAF instructure including network diagrams, policies and operational procedures for managing the infrastructure.
· Work closely with Development, QA, Operations, InfoSec, and design engineers to ensure security requirements are met and web-applications are adequately protected from cyber-attacks
· Review vulnerability scan output and assess where WAF configuration can be used to mitigate attacks.
· Basic understanding of data flow technologies such as routing, natting, arps and associated command line tools such as tcpdump
· Awareness of mainstream operating systems and a wide range of security technologies including network firewall, IPS, and web proxy.
Knowledge and experience of F5 Load Balancers and Products:
· WAF policy development for protecting existing applications
· Reviewing and analysing security reports
· Reviewing security techniques and technologies regularly to remain aware of best practice
· Ensuring the operation of technical systems are consistent with policies and procedures
· Following the latest security trends and vulnerabilities
Qualifications and Experience:
10 +years of WAF expereinece
· Security Qualifications preferred e.g. F5 CTS-ASM/CISSP/CISM/ISC2/CEH or equivalent
· Previous experience of working within a regulated environment i.e. in the financial services, Insurance industry
· Full understanding of the application project life cycle and process/procedure design.
· Knowledge and hands-on experience of security tools. Experience in IPS, WAF, Load Balancers, Firewalls and Network Security
· Experience in Application Security and Technologies
· Experience in security vulnerability scanning. Experience with audit event collection and reporting toolsets
Required Non-Technical Skills:
· Proven analytical and problem-solving abilities.
· Ability to conduct research into IT security issues and products as required.
· Self-motivated and directed.
· Keen attention to detail.
· Team-oriented and skilled in working within a collaborative environment.
· High Integrity & work ethic, good communication skills, positive demeanour
· Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls
Apply by creating/using an account