Security Engineer II - WAF

CBTS serves enterprise and midmarket clients in all industries across the United States and Canada. CBTS combines deep technical expertise with a full suite of flexible technology solutions--including Application Modernization, Managed Hybrid Cloud, Cybersecurity, Unified Communications, and Infrastructure solutions. From developing and deploying modern applications and the secure, scalable platforms on which they run, to managing, monitoring, and optimizing their operations, CBTS delivers comprehensive technology solutions for its clients' transformative business initiatives. For more information, please visit www.cbts.com.

OnX is a leading technology solution provider that serves businesses, healthcare organizations, and government agencies across Canada. OnX combines deep technical expertise with a full suite of flexible technology solutions—including Generative AI, Application Modernization, Managed Hybrid Cloud, Cybersecurity, Unified Communications, and Infrastructure solutions. From developing and deploying modern applications and the secure, scalable platforms on which they run, to managing, monitoring, and optimizing their operations, OnX delivers comprehensive technology solutions for its clients’ transformative business initiatives. For more information, please visit www.onx.com.

Job Experience Required:
• 5+ years of experience in cybersecurity, with at least 2-3 years focused on WAF technologies.
• Hands-on experience with one or more WAF platforms (e.g., AWS WAF, Azure WAF, Cloudflare, F5, Imperva).
• Strong understanding of HTTP/S protocols, web application architecture, and common vulnerabilities.
• Familiarity with OWASP Top 10, DDoS mitigation, and bot protection techniques.
• Experience with log analysis tools (e.g., Splunk, ELK) and SIEM integration.

We are seeking a skilled and detail-oriented WAF Engineer to join our security implementation team. In this role, you will be responsible for the deployment, configuration, and management of Web Application Firewalls to protect our web applications from evolving threats. You will work closely with security, DevOps, and application teams to ensure robust protection and compliance.

Security Design and Deployments: Deploy, configure, and manage WAF solutions (e.g., AWS WAF, Azure WAF, Cloudflare, Imperva, Akamai). Create and maintain custom WAF rules to mitigate OWASP Top 10 vulnerabilities and other web-based threats.

Performance Tuning: Optimize performance, ensuring high availability, scalability, and minimal impact on application traffic. Provide recommendations for improving web application security posture.

Incident Response: Investigate and respond to security incidents related to web application attacks breaches, performing root cause analysis and remediation. Perform regular WAF policy tuning and false positive/negative analysis.

Policy and Rule Management: Create and enforce WAF policies and access control rules, regularly reviewing and updating them to address new threats and changes in network and application framework.

Security Best Practices: Advocate for and enforce security best practices across all stages of the development lifecycle to ensure secure application delivery. Stay updated on the latest web security trends, vulnerabilities, and threat intelligence.

Collaboration: Work closely with development teams to integrate security features and practices into new and existing applications and systems.

Documentation and Reporting: Maintain comprehensive documentation for security procedures, incidents, and system configurations. Provide regular reports and updates to stakeholders.

Compliance: Ensure that security practices comply with industry standards, regulations, and company policies.

Education:

4-year bachelor's degree or equivalent experience, preferably in Computer Science, Information Systems or Engineering (or) Three years of College or Technical School resulting in an Associate’s Degree or equivalent

Accreditation / Certification / Licenses:
• Certifications such as CEH, CISSP, AWS Security Specialty, or equivalent
• Scripting knowledge (Python, Bash) for automation and rule management
• Knowledge of CDN and reverse proxy technologies.

Special Knowledge / Skills / Abilities:

• Onboard and offboard URLs and applications
• Apply default/standard configs to onboarded applications, monitor for issues and update as needed
• Make Routine DNS updates
• Update configurations as required to WAF
• Apply rule/signature and software updates
• Submit Firewall Rule Change Requests during onboarding/offboarding
• Write and apply rules as needed, on a per-application basis
• Provide investigative & operational support to application teams as needed due to WAF implementation
• Schedule maintenance windows and communicate updates as needed
• Report on WAF coverage and/or incidents as needed (metrics)
• Support incident response teams in the event assistance is required
• Open Vendor support tickets and interact with WAF vendor as-needed
• Document all processes and procedures in an ongoing basis
• Support the establishment/improvement of WAF-related operational processes
• Execute any other miscellaneous tasks associated with the WAF operationalization initiative
• Clear communication skills
• Time Management / Self-Management
• Independent Work Skills
• Presentation skills