Sr. Engineer/Application & End Point Security
e& UAEUnited Arab Emirates2 hours ago
Part-timeRemote FriendlyInformation Technology
Track This Job
Add this job to your tracking list to:
- Monitor application status and updates
- Change status (Applied, Interview, Offer, etc.)
- Add personal notes and comments
- Set reminders for follow-ups
- Track your entire application journey
Save This Job
Add this job to your saved collection to:
- Access easily from your saved jobs dashboard
- Review job details later without searching again
- Compare with other saved opportunities
- Keep a collection of interesting positions
- Receive notifications about saved jobs before they expire
AI-Powered Job Summary
Get a concise overview of key job requirements, responsibilities, and qualifications in seconds.
Pro Tip: Use this feature to quickly decide if a job matches your skills before reading the full description.
Job Description
Responsible for the implementation, configuration, monitoring, and maintenance of WAF (Web Application Firewalls) deployed for internal and external customers. Work closely with the other Cybersecurity teams to ensure the protection of web applications via WAF, from various cyber threats and vulnerabilities including OWAPS Top 10 attacks. Effectively communicate and collaborate with different stakeholders for new WAF deployments and troubleshooting of operational issues at hand.
Responsibilities
Responsible for the implementation, configuration, monitoring, and maintenance of WAF (Web Application Firewalls) deployed for internal and external customers. Work closely with the other Cybersecurity teams to ensure the protection of web applications via WAF, from various cyber threats and vulnerabilities including OWAPS Top 10 attacks. Effectively communicate and collaborate with different stakeholders for new WAF deployments and troubleshooting of operational issues at hand.
Responsibilities
- End-to-end provisioning of web applications on WAF including requirements gathering, defining the scope of protection and creating appropriate/tailored web security profile on WAF as per the web application architecture.
- Fine-tune the new security policies via rigorous testing of all web application flows to ensure maximum possible suppression of false positives for effective SOC monitoring.
- Plan and perform the security enhancements on security profiles of the existing web applications protected by WAF, ensuring minimal impact on live traffic.
- Fine-tune the attack logs for existing web applications by identifying false positives and updating the security profiles accordingly for effective monitoring.
- Keep track of the web applications certificates’ expiry on WAF and get them updated well in time to avoid any impact to users.
- Evaluate all the exceptions/whitelistings for any security impact on web applications before placing them on WAF.
- Get regular Security Assessments and audits done to ensure the effectiveness of WAF configurations and policies.
- Support the SOC/Incident Response team by providing the required attack logs from WAF for incident under investigation.
- Regularly monitor WAF system resources like CPU, memory, disk utilization to be within the threshold range, and raise the flags in timely manner.
- Ensure all WAF deployments to be running up-to-date and vendor supported OS versions.
- Implement corrective measures and remediation actions to address newly discovered security vulnerabilities on WAF.
- Evaluate, plan, test and execute the WAF upgrades to latest recommend stable versions for all WAF deployments, after extensive bug-scrubbing and careful analysis of all changes in new version to ensure no impact on protected application after the upgrade.
- Maintain proper and updated documentation related to WAF HLD, LLD, configurations, security policies, applications status and owner information, for all WAF deployments.
- Identify any unusual activity and attacks by monitoring the administrative and security alerts via regular reports.
- Monitor licenses and vendor contract expiry of all WAF deployments and communicate with the stakeholders accordingly.
- Perform regular backup restoration test drill for all WAF deployments.
- Highlight the operational challenges and current issues on all WAF deployments.
- Ensure that periodic backups to remote backup server are properly configured and are running successfully as per the schedule.
- Apply compensatory security controls on WAF for protected web applications if they cannot be fixed on application end.
- Deploy and configure dedicated WAF instances based on special projects requirements and create customized security policies for protected web applications.
- Integrate all WAF deployments with security controls including, but not limited to SIEM, PAM, RSA, Solarwinds etc.
- BS (Computer Science, Information Technology, or related field).
- Certified Ethical Hacker (CEH) or similar certifications preferred.
- Proven experience in administering and managing WAF, specifically FortiWeb.
- In-depth understanding of web application security principles, including OWASP Top 10 vulnerabilities and common attack vectors.
- Strong knowledge of network protocols, firewall technologies, and web server platforms.
- Experience with scripting languages is preferred for automation and customization of WAF configurations.
- Excellent analytical and problem-solving skills, with the ability to prioritize and troubleshoot complex security issues.
- Effective communication skills, with the ability to collaborate with cross-functional teams and articulate technical concepts to non-technical stakeholders.
Key Skills
Ranked by relevanceReady to apply?
Join e& UAE and take your career to the next level!
Application takes less than 5 minutes