Web Application Firewall Security Engineer
Compensation: $140,000 - $160,000 + 10% Bonus
Location: Ashburn, VA | Hybrid (2-3 days on-site) | Relocation Package available
- Maintain, configure, deploy, and engineer WAF solutions
- Create Web Application Firewall rules to mitigage threats and implement best practices
- Support analyst requirements by developing advance scripts to manipulate multiple data repositories
- Develops advanced alerts/reports to meet the requirements of key stakeholders
- Develops scalable security management tools and processes
- Develops automation for security tools management and workflow integration
- Collaborates with key stakeholders within Cybersecurity and Engineering teams to develop specific use cases to address specific business needs
- Develop new SIEM content for Cybersecurity teams, including correlations, enrichments, dashboards, reports, and alerts that appropriately characterize web application attacks and mitigation mechanisms
- Knowledge of SSDLC processes
- Required knowledge of open source and commercial application security tools and frameworks, including but not limited to Kali Web application testing tools
- Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks.
- Excellent understanding of OWASP Risks, Vulnerabilities and Mitigation Mechanisms
- Experience with Web Application Firewall management and rules
- Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework etc.)
- Excellent understanding of common network and web protocols
- Excellent understanding of DDoS techniques and mitigation mechanisms
- Bachelors or Masters Degree in Computer Science or Cyber Security or any related disciplines.
- 2 - 5 years of working experience required with M.S. Degree
- 5 - 7 years of working experience required with B.S Degree
- Experience with one or more: CloudFlare, Imperva, Akamai, AWS Cloudfront
- Experience with Imperva WAF, F5 WAF, and/or CDN WAF
- Extensive expertise in Regular Expression
- Extensive scripting experience with Python, Perl, or Shell
- Strong development experience with C++, Java, Java Script
- DevSecOps experience with IaC in Terraform, Puppet, Jenkins, or CodeDeploy is a plus!
- Knowledge with GitHub, GitLab, Jira, and Confluence is a plus!
- Experience with Lambda or API Gateway is a plus!
- Cyber Defense and Incident Response experience is a plus!