Web Application Firewall Security Engineer (AppSec)

Web Application Firewall Security Engineer

Compensation: $140,000 - $160,000 + 10% Bonus

Location: Ashburn, VA | Hybrid (2-3 days on-site) | Relocation Package available

Responsibilities

• Maintain, configure, deploy, and engineer WAF solutions
• Create Web Application Firewall rules to mitigage threats and implement best practices
• Support analyst requirements by developing advance scripts to manipulate multiple data repositories
• Develops advanced alerts/reports to meet the requirements of key stakeholders
• Develops scalable security management tools and processes
• Develops automation for security tools management and workflow integration
• Collaborates with key stakeholders within Cybersecurity and Engineering teams to develop specific use cases to address specific business needs
• Develop new SIEM content for Cybersecurity teams, including correlations, enrichments, dashboards, reports, and alerts that appropriately characterize web application attacks and mitigation mechanisms

Application Security:

• Knowledge of SSDLC processes
• Required knowledge of open source and commercial application security tools and frameworks, including but not limited to Kali Web application testing tools
• Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks.
• Excellent understanding of OWASP Risks, Vulnerabilities and Mitigation Mechanisms
• Experience with Web Application Firewall management and rules
• Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework etc.)
• Excellent understanding of common network and web protocols
• Excellent understanding of DDoS techniques and mitigation mechanisms

QUALIFICATIONS

• Bachelors or Masters Degree in Computer Science or Cyber Security or any related disciplines.
• 2 - 5 years of working experience required with M.S. Degree
• 5 - 7 years of working experience required with B.S Degree
• Experience with one or more: CloudFlare, Imperva, Akamai, AWS Cloudfront
• Experience with Imperva WAF, F5 WAF, and/or CDN WAF
• Extensive expertise in Regular Expression
• Extensive scripting experience with Python, Perl, or Shell
• Strong development experience with C++, Java, Java Script
• DevSecOps experience with IaC in Terraform, Puppet, Jenkins, or CodeDeploy is a plus!
• Knowledge with GitHub, GitLab, Jira, and Confluence is a plus!
• Experience with Lambda or API Gateway is a plus!
• Cyber Defense and Incident Response experience is a plus!