WAF Solution Architect

What you’ll do

Operating within the Vodafone Cyber Prevent - Network & Telco Domain, the main focus of this role is to lead the development of the WAF platform.  Specifically the role holder will own driving the development and adoption of the Cyber WAF platform to meet the operational and security requirements of the  application and content development team.  They will lead the adoption of CI/CD capabilities whilst ensuring the security and usability requirements are met in a balanced way.  

This role requires a number of key skills and capabilities: 

•    Understanding of the use and configuration of a WAF Platform
•    Knowledge and experience of using APIs
•    Willingness to adapt and learn in a rapidly changing environment
•    Have had some scripting knowledge of Python & other scripting tools
•    Exposure to Network reporting tools
•    Understanding of operational metrics and their use to measure performance
•    Understanding of the Cyber threat environment in the context of Web site and APIs

Global Cyber Security’s role is to inspire trust and confidence in our customers by enabling secure connectivity.  Our purpose is to proactively protect Vodafone & its customers by reducing the risks posed by security threats to Vodafone’s global technology infrastructure and the sensitive data it holds.  

The Cyber Security WAF Solution Architect will be required to operate effectively in a complex, dynamic, and constantly changing environment.  Active & compelling engagement of teams and stakeholders will be crucial in creating the momentum required.  This role requires an engineer who is technically competent, an effective communicator and collaborator to deliver the consistency & risk reduction outcomes required.

This role requires significant WAF and Cyber experience, with exposure to DevOps. CI/CD and automation

Who you are

Detailed role requirements:
 

• Experience with leading WAF solutions.
• Solid understanding of network protocols, HTTP/S, and web technologies.
• In-depth knowledge of web application security principles and threat landscapes.
• Familiarity with security frameworks and standards, including OWASP Top 10, NIST, and PCI-DSS.
• Understanding of API security best practices and standards, such as OWASP API Security Top 10.
• Hands-on experience in configuring WAF policies, rules, and signatures to mitigate web threats like SQL injection, XSS, and DDoS attacks.
• Proficiency in CI/CD tools, particularly Azure DevOps, for automating security testing and policy enforcement.
• Experience in integrating security measures into CI/CD pipelines to ensure continuous protection throughout the development lifecycle.
• Experience with Terraform for defining, deploying, and managing WAF infrastructure.
• Capability to develop and maintain Terraform modules for consistent and automated WAF deployment across environments.
• Proficiency in securing APIs with WAF solutions to protect against common API vulnerabilities such as injection attacks, broken authentication, and data exposure.
• Scripting skills in languages such as Python and YAML scripting for automating WAF deployment, configuration, and testing.
• Understanding of operational metrics and their use to measure performance.
• Supporting security audits by providing necessary documentation and reports related to WAF deployments and policies.
• Commitment to staying updated with the latest trends and technologies in web application security.
• Proactively seeking opportunities to enhance WAF solutions through continuous improvement and adoption of advanced practices.

Technical / Professional Experience 

• Good understanding of the internet and how web content is hosted
• Understanding of how a WAF functions and how it is utilised to protect content
• A clear and analytical approach to problem solving.
• Whilst not essential, a good appreciation of Python & YAML (creation , usage of scripts) would be a distinct advantage.
• Agile delivery using Scrum or Kanban methodologies

Key accountabilities and decision ownership: 

• Working with the Network and Telco  Domain Leadership team to define and implement Vodafone’s strategy for WAF.
• Work in collaboration with the Product Manager  to define the strategic plan for WAF to ensure alignment with emerging threats and operational requirements.
• Act as Vodafone’s WAF expert coaching and guiding the wider WAF team including DRs and offshore, able to explain using key data the current protection of web content.
• Working with the Platform leads and fellow Software Developers to ensure that all the cyber security platforms within the domains are: globally consistent; effective and efficient; have the right technical adequacy and coverage; and are delivering the optimum risk reduction effect.

Not a perfect fit?

Worried that you don’t meet all the desired criteria exactly? At Vodafone we are passionate about Inclusion for All and creating a workplace where everyone can thrive, whatever their personal or professional background. If you’re excited about this role but your experience doesn’t align exactly with every part of the job description, we encourage you to apply as you may be the right candidate for this role or another role, and our recruitment team can help you see how your skills fit in.

What's in it for you

G Band:

• Discretionary yearly bonus: 10%
• Annual leave: 28 days + bank holidays + the opportunity to buy/sell/carry over 5 days/year
• Charity days: 5 days/year
• Maternity/adoption leave: 52 weeks out of which the first 13 weeks are fully paid followed by 26 weeks of half pay and 6 months - working 4 days, getting paid 5
• Paternity leave: 16 weeks fully paid
• Private pension: You can contribute up to 5% of your basic pay with 2:1 matching from Vodafone up to 10%.
• Access to: private medical, private dental, free health assessments, share save scheme
• Additional discounts: Vodafone retail, gym, cinema, cycle to work, season ticket loan

Who we are

#groupresourcing  #grouptalentacquisition