What does a successful WAF Security Engineer do at Fiserv?
You will Work in a dynamic and challenging environment where your focus is on reducing the potential impact of threats to Internet facing web application systems. You will frequently interact with Security Assessment, Security Operations and Cyber Security Incident Response Teams working together to identify ongoing threats to the application. You will develop protections for web applications utilizing state of the art cyber technologies (Web Application Firewalls, Network Firewalls, Intrusion Prevention, Network Traffic Scrubbing ) protecting operational applications in real-time. While stopping bad actors in their tracks, this role will sharpen your skills. Skills in high demand by Global Cyber Security & Fraud teams.
What you will do:
- Maintain and operate Web Application Firewall Configurations.
- Perform false positive analysis on WAF events.
- Be comfortable driving work efforts outside business-hours, when necessary, as part of on-call rotation schedule.
- Act as a front-line and escalation interface to the business, reviewing trouble tickets and executing the required actions.
- Be Self-motivated to identify requirements for projects and process improvements.
What you will need to have:
- 10+ years related IT and cyber protection experience.
- Strong understanding of cyber threats as related to Internet facing web applications.
- Experience with utilizing NIST CVE data relating to web application vulnerabilities to develop threat response actions utilizing OSI Layer 4 through 7 deep inspections.
- Experience with threat analysis of web application network traffic protocols and patterns .
- Experience using scripting or automation to reduce team workload on repetitive tasks and communicating with CISO/CIO/CTO level leadership.
- CISSP or other professional cyber certification desirable.
- Bachelor’s degree in cyber security, Computer Science, Engineering, Mathematics or an equivalent combination of education, work, or military experience.
- Expert knowledge of and experience with maintaining cyber technologies that can protect operational web application systems, such as:
- Signal Sciences WAF / F5 Big IP Application Security Manager.
- F5 Local Traffic Manager / F5 Silverline WAF & Denial of Service (DDOS) Scrubbing systems.
- F5 Distributed Cloud WAF / Radware WAF.
What would be great to have:
- Scripting skills (Python, Bash).
- Knowledge of TCL and iRules.
- Strong understanding of web application vulnerabilities.
- Strong understanding of HTTP protocol and what HTTP application traffic looks like.
#LI-RM1
R-10371148
