T&T-Cyber-D&R-Manager-WAF

Job Description: Web Application Firewall (WAF) Engineer

Position Overview: We are seeking a skilled Web Application Firewall (WAF) Engineer to join our cybersecurity team. The ideal candidate will be responsible for implementing, configuring, and managing WAF solutions to protect web applications from security threats and vulnerabilities. This role requires a deep understanding of web security practices, as well as experience with various WAF technologies.

Key Responsibilities:

WAF Implementation & Management:

Deploy and configure WAF solutions in various environments (cloud, on-premises, hybrid).
Monitor and tune WAF rules and policies to optimize performance and security.
Threat Analysis & Response:

Analyze security logs and incidents to identify potential threats and vulnerabilities.
Collaborate with the incident response team to investigate and remediate security incidents.
Performance Monitoring:

Continuously monitor web traffic and application performance.
Conduct regular security assessments and audits of web applications.
Collaboration:

Work closely with development, operations, and security teams to ensure seamless integration of WAF solutions.
Provide guidance on secure coding practices and application security standards.
Documentation & Reporting:

Maintain documentation for WAF configurations, policies, and procedures.
Prepare reports on WAF performance, incidents, and security metrics.
Stay Updated:

Keep abreast of the latest security threats, vulnerabilities, and WAF technologies.
Participate in ongoing training and professional development.
Qualifications:

Education:

Bachelor’s degree in Computer Science, Information Security, or a related field.
Experience:

3+ years of experience in web application security or a related role.
Proven experience with WAF solutions (e.g., AWS WAF, Azure Application Gateway, F5, Imperva, etc.).
Skills:

Strong understanding of web application vulnerabilities (e.g., OWASP Top Ten).
Proficiency in security protocols, firewalls, intrusion detection systems, and network security.
Familiarity with scripting languages (e.g., Python, Bash) for automation tasks.
Excellent analytical and problem-solving skills.
Certifications (preferred):

Certified Information Systems Security Professional (CISSP)
Certified Ethical Hacker (CEH)
Web Application Security Certification (e.g., GIAC Web Application Penetration Tester - GWAPT)
Work Environment:

This position may require occasional on-call support and the ability to work flexible hours.
Application Process: Interested candidates should submit their resume and a cover letter detailing their relevant experience and qualifications.