
WAF Security Engineer - Vulnerability Assessment (8-10 yrs) Bangalore (DevOps)

Shining Sheroes

This listing was posted on hirist.

Location:
Bangalore
Description:

Programme Summary:

HSBC has a large volume of globally distributed internet web applications, and a larger volume of internal web applications, hosted across many countries and time zones. These web applications are hosted in both HSBC-operated datacentre and Cloud Service Provider environments.

The HSBC Web Application Firewall strategy aims to unify and deploy coherent, consistent, and uniform protection across the Bank for both internet and internal web applications, in conjunction with other strategies. Additionally, it is paramount to ensure not only that the technology is in place and performing properly, but also that the people and processes are appropriate to ensure that HSBC is protected.

The role:

This position will play a critical role in enhancing our Web Application Firewall (WAF) across multiple solutions and applications and will be pivotal in crafting, testing, and implementing advanced WAF solutions.

The role involves a strong focus on developing robust security measures against web-based attacks, contributing significantly to the security posture of our organization and achieving audits.

Key Responsibilities:

- Develop and refine complex custom WAF rules and features, ensuring mitigation of Minimum Viable Product (MVP) and security posture gaps.
- Apply coding expertise to create effective testing mechanisms for baseline and custom WAF rules, integrating these tests seamlessly into automation pipelines.
- Offer subject matter expert (SME) support in various security testing areas, including WAF Proofs of Concept (PoCs).
- Provide specialized WAF-focused advice on web and API attack methodologies, evasions, and mitigation techniques, leveraging your ethical hacking background.
- Contribute to DevSecOps / DevOps with security testing expertise to enhance the automation aspects of the project.

Key Accountabilities:

- Utilize ethical hacking skills to safeguard the organization from web-based attacks, ensuring the protection of operations, reputation, and customer trust.
- Conduct in-depth technical evaluations of WAF solution rulesets, focusing on detection and prevention of web and API security threats.
- Develop custom WAF rules and features, addressing gaps and enhancing overall security measures.
- Identify and counter technical strategies that bypass WAF solutions.
- Design and implement testing protocols to evaluate the effectiveness of various security initiatives, including WAF rules and new features.
- Facilitate the integration of testing procedures into CI/CD pipelines.
- Reverse-engineer attacker tactics to create effective mitigation rules.
- Maintain and secure essential documentation and reports, ensuring traceability and compliance.
- Inform the EPS Management team about emerging threats and vulnerabilities, recommending countermeasures.
- Communicate effectively with a range of stakeholders, providing updates on security-related matters.

Ideal Candidate Profile:

- Strong background in ethical hacking.
- Extensive experience with web-based attack methodologies, including knowledge of tools, payloads, exploits, and countermeasures.
- Proficient in web application and API security.
- Skilled in identifying and mitigating WAF/IPS/CSPM security vulnerabilities.
- Expertise in developing custom WAF rules and security testing packages.
- Solid understanding of OWASP Top 10 vulnerabilities.
- Proficiency in at least one programming language.
- Ability to automate security testing within CI/CD pipelines.
- Knowledgeable in networking, cloud firewalls, and web technologies.
- Strong grasp of DevSecOps principles and practices.
- Awareness of Agile methodologies.

(ref:hirist.tech)
Education/experience:
7 To 10 Years
Company:
Shining Sheroes
Posted:
April 19 on hirist