North is a US-based company focused on providing end-to-end payment solutions. They are seeking an Application Security Engineer with a focus on Web Application Firewalls to design, deploy, and manage WAF solutions while ensuring optimal application security practices.
Responsibilities:
- Design, deploy, and manage WAF solutions for on-premise and cloud-based platforms
- Develop and fine-tune WAF policies, rules, and signatures to mitigate known threats and application abuses as well as emerging threats
- Lead incident response efforts for web application and network attacks, including root cause analysis and remediation
- Monitor and analyze inbound web traffic to identify and respond to suspicious activities, ensuring real-time threat mitigation
- Collaborate with cross functional teams to integrate WAF solutions into CI/CD pipelines and application architectures and focus on maturing WAF protections
- Maintain and optimize WAF configurations to balance security, performance, and user experience and enable process optimization and automation
- Be involved in regular security assessments, vulnerability scans, and penetration testing to identify gaps in WAF protection
- Maintain a close working relation with the Application Development team to ensure optimal protections are used for all new application releases
- Ensure adequate testing and validation and has been performed for all protections and mitigations before rollout
- Mentor team members and provide guidance on WAF best practices and troubleshooting
- Stay current with emerging threats, vulnerabilities, and industry best practices to enhance WAF strategies
- Document WAF infrastructure, create and maintain design diagrams, configurations, policies, and incident reports to ensure compliance with regulatory requirements
- Ensure an always on application delivery model by providing quick response and reaction to incidents and critical activities when needed
- Participate in on-call rotations to support 24/7 operations as needed
- Ensure application security practices and solution operations align with regulatory standards such as PCI-DSS
Requirements:
- Bachelor's degree in Computer Science, Information Security, Cybersecurity, or relevant equivalent experience
- 5+ years of experience in cybersecurity with a focus on Web Application Firewalls
- 3+ years of hands-on experience managing both on-premise WAF solutions and cloud-based WAF platforms
- Experience with application security testing, application security abuse cases, emerging threats, particularities of threats against payment and financial applications
- Experience with data analysis and SIEM tools (e.g., Grafana/Opensearch/CS NextGen SIEM) for log analysis and monitoring
- Experience with cloud platforms (AWS, Azure, GCP) and their native security tools
- Deep knowledge of web application vulnerabilities and mitigation techniques
- Strong networking fundamentals and familiarity with network protocols (HTTP/HTTPS, TCP/IP, DNS) and web technologies (HTML, JavaScript, APIs)
- Comfortable with using terminals, scripting and automation for WAF automation use-cases
- Familiarity with DevOps tools (e.g., Docker, Kubernetes, Terraform, git) and CI/CD pipelines