Web Application Firewall

3 weeks ago


Sepang, Malaysia AirAsia Full time

Job Description

Key Responsibilities include:

Configure and manage the WAF solution.

Create, deploy, maintain and troubleshoot WAF policies for new and existing web applications

Review vulnerabilities that impact web applications and develop WAF “Virtual Patching” solutions

Monitor and analyse activity logs to detect malicious internet traffic and indicators of compromise as well as to reduce false positive blocks

Review WAF usage and define means to improve and mature protection policies.

Own success/improvements/mitigations on WAF; this will be measured quarterly and yearly.

Understand web applications at a sufficient level to work with developers to implement protective controls that may need to be customized for specific applications

Interpret web protocol information to determine source, intent, and risk of threat agents

Provide preventative maintenance and troubleshooting, and quickly resolve problems to ensure infrastructure and application stability

Participate in technical design activities to ensure a sound design and that any infrastructure impact is understood

Create and maintain technical documentation regarding the WAF infrastructure including network diagrams, policies and operational procedures for managing the infrastructure.

Work closely with stakeholders and partners to ensure security requirements are met and web-applications are adequately protected from cyber-attacks

Review vulnerability scan output and assess where WAF configuration can be used to mitigate attacks.

Basic understanding of data flow technologies such as routing, NAT and ARP, and associated command-line tools such as tcpdump

Awareness of mainstream operating systems and a wide range of security technologies including network firewall, IPS, and web proxy

Willingness to coach, mentor and support team members

Familiarity with Stackdriver logging, with the capability to query and filter specific log entries based on various criteria, leveraged for the WAF in creating rule-based filtering and API protection.

Knowledge and experience of Cloudflare Products (added advantage):

WAF policy development for protecting existing applications

Experience in custom firewall rules, Anti-DDoS, Anti-Bot, Rate Limit, etc.

Reviewing and analysing security reports

Reviewing security techniques and technologies regularly to remain aware of best practice

Ensuring the operation of technical systems is consistent with policies and procedures

Following the latest security trends and vulnerabilities

Interest in bot management and keeping abreast of industry trends

Qualifications and Experience:

Security qualifications preferred: Cloudflare, Alibaba or equivalent

Previous experience of working within a regulated environment in the financial services, insurance industry, digital & web services.

Full understanding of the application project life cycle and process/procedure design.

Knowledge and hands-on experience of security tools. Experience in IPS, WAF, Load Balancers, Firewalls and Network Security

Experience in Application Security and Technologies

Experience in security vulnerability scanning. Experience with audit event collection and reporting tool sets


We are all different - one talent to another - that is how we rely on our differences. At AirAsia, you will be treated fairly and given all chances to be your are committed to creating a diverse work environment and are proud to be an equal opportunity employer.