Cloud and Application Security Engineer

Job Summary

Deployment and management of web application firewalls and vulnerability management to protect cloud and on-premises environments from cyber threats.

Responsibilities

• Create, deploy, maintain, and troubleshoot F5 ASM policies to secure new and existing web applications
• Configure and manage Web Application Firewall (WAF) settings for Azure and AWS cloud environments
• Review web application vulnerabilities and develop WAF virtual patching solutions to mitigate risks
• Monitor and analyze activity logs to detect malicious traffic and indicators of compromise while minimizing false positives
• Evaluate WAF usage and implement improvements to enhance protection policies
• Collaborate with developers and security teams to ensure security requirements are met and applications are protected from cyber-attacks
• Interpret web protocol data to identify threat sources, intent, and risk levels
• Provide preventative maintenance and promptly resolve infrastructure and application issues to maintain stability
• Participate in technical design reviews to assess infrastructure impact and ensure sound security architecture
• Create and maintain technical documentation including network diagrams, policies, and operational procedures for WAF infrastructure management
• Manage the full vulnerability management lifecycle by performing assessments, generating reports, and collaborating with stakeholders to prioritize and remediate vulnerabilities
• Execute firewall change requests and troubleshoot network connectivity issues related to firewall configurations and policies

Experience and Skills Requirements

• Full understanding of the application project life cycle and process/procedure design.
• Knowledge and hands-on experience of security tools. Experience in IPS, WAF, Load Balancers, Firewalls (e.g. Palo Alto) and Network Security
• Experience in Application Security and Technologies
• Experience in security vulnerability scanning. Experience with audit event collection and reporting toolsets
• Experience in vulnerability management processes, including assessment, reporting, and stakeholder engagement to ensure timely identification and remediation of security vulnerabilities.
• Proficiency in SIEM platforms with demonstrated ability to develop custom reports and dashboards
• Experience with Cloud Security

Certifications

• Security certifications such as F5 CTS-ASM, CISSP, CISM, ISC2, CEH, PCNSE, or equivalent
• Cloud security or related certifications