Requirements

Expected technologies

AWS

Our requirements

• Strong experience in working in at least one Cloud Provider (AWS preferred) and have experience working with CSP native WAF solutions or equivalent - Akamai in use of WAF Rules and DDoS protection.
• Experience working at scale in the use at least one CSP native WAF solutions or equivalent.
• Ability to demonstrate use of WAF and the applying of common rule sets within their organisation.
• Candidate should be familiar key Industry and OpenSource standards for WAF.
• Basic level of Web Security understanding and ability to guide Web Application / UI Developers on security aspects relating to non-compliance to Security baseline configuration.
• Direct experience in Monitoring and Alerting of attacks in at least one CSP.
• Strong understanding of Web Applications / HTML / JS sufficient enough to demonstrate they are capable in reviewing of signatures and identification of false positives.
• Ability to demonstrate an affective ability working with multiple functions of the business in the defining of processes, procedures and in the responding to security incidents.

Your responsibilities

• Support to coordinating migration of teams to WAF Central Rules in block mode for example.
• Development and realisation of new processes for new Operating Models.
• Overseeing development and integration of central capabilities (Central SOC/SIEM) alerting and incident response etc.
• Working with CSP Architecture and Core engineering DevOps Leads on enabling of WAF Rules on Internal facing services.
• Working with central ESP team to capture and define central security baseline rules / signatures
• Working with application teams / support to migration of their services to new Central CSP Managed Rules in block mode.
• Providing KCI reporting on compliance to new Operating Model / Central Rules and signatures by application teams.