Sr. Security Engineer - WAF - New York, New York | STAND 8 Careers
The Sr. Security Engineer will be responsible for helping the client adopt, deploy, and migrate all existing WAF technology to a new global cloud WAF technology, and for supporting them as they achieve global coverage. Based on the success of this engagement, the engineer will directly contribute to business development to expand WAF services to new customers.
STAND 8 provides end-to-end IT solutions to enterprise partners across the United States, with offices in New Jersey, LA, Atlanta, New York, Raleigh, and more.
- Scope and make changes to client WAF in various environments as it relates to access control and security
- Mentor junior staff to progress competency and professional development of the team
- Prepare formal and informal training for team members and clients
- Scope and POC projects for new and existing clients
- Work with PM and Account Managers to provide SME perspective for WAF
- Help distribute and manage workloads and project tasks for junior staff and interns
- Great communication skills (written & oral)
- Client facing consulting experience
- Experience in discussing WAF with developers and managers
- Explaining how WAF rules work
- Ability to explain WAF infrastructure and topologies from a high level
- Comfortable learning new customer environments, determining appropriate WAF solution, implementation, testing and support responsibilities
- Ability to run project work and delegate tasks to junior staff.
- Working knowledge of the software development life cycle (SDLC) and how WAF fits into the picture
- Understanding of web threats and the OWASP Top Ten vulnerabilities
- Understanding of how to attack web apps and of the different indicators of an attack is desired
- Solid understanding of different WAF platforms and their deployment topologies (cloud, on-prem reverse proxy, on app, etc.)
- Solid understanding of web technologies and protocols at various levels of the stack:
  - HTTP, WebSocket
  - Application frameworks - .NET, NodeJS, Flask, etc.
  - Platform servers - IIS, Apache, Nginx
- Understanding of WAF evasion techniques (e.g. encodings, origin bypass)
- Expert at reviewing HTTP trace logs
- Expert at troubleshooting WAF related issues:
  - rule is not firing properly
  - client is unsure what the issue is, but they do know their application is not functioning after WAF deployment
- Expert at deploying WAF for new applications
  - ability to gather client requirements and interpret them accurately.
- Deep understanding of WAF Security policies and how to implement them for applications behind WAF
  - service configuration
  - policy configuration
- Ability to provide accurate recommendations on WAF tuning/deploying/troubleshooting to clients
- Ability to provide accurate reporting to clients based on:
  - job the analyst has been performing (e.g. metrics and more)
  - reporting on web app usage and security alerts
- Experience with AWS and/or Microsoft Azure
- Familiarity with RASP solutions