What does a successful Security Engineer (WAF) do at Fiserv?
You will work with the “Operational Application Protection Team” where your focus is on reducing the potential impact of threats to Internet facing web application systems. You will have frequent interaction with Security Assessment, Security Operations and Cyber Security Incident Response Teams working together to identify ongoing threats to the application and develop protections for web applications utilizing state of the art cyber technologies (Web Application Firewalls, Network Firewalls, Intrusion Prevention, Network Traffic Scrubbing).
What you will do:
- Maintain and operate Web Application Firewall Configurations
- Perform false positive analysis on WAF events
- Work efforts outside business-hours, when necessary, as part of on-call rotation schedule
- Act as a front-line and escalation interface to the business, reviewing trouble tickets and executing the required actions
What you will need to have:
- 10+ years related IT and cyber protection experience desired
- 5+ years’ experience with maintaining cyber technologies that can protect operational web application systems, such as F5 Big IP Application Security Manager, F5 Local Traffic Manager, F5 Silverline WAF & Denial of Service (DDOS) Scrubbing systems
- 3+ years’ experience in addressing cyber threats as related to Internet facing web applications
- 3+ years’ experience with utilizing NIST CVE data relating to web application vulnerabilities to develop threat response actions utilizing OSI Layer 4 through 7 deep inspections
- 2+ years’ experience with threat analysis of web application network traffic protocols and patterns
- 1+ year experience managing and maintaining production operational systems
- 1+ year experience using scripting or automation to reduce team workload on repetitive tasks
- Bachelor’s degree in computer science, or a relevant field, or an equivalent combination of education, work, and/or military experience
What would be great to have:
- Advanced degree in computer science or a related field
- CISSP or other professional cyber certifications desirable
- 1+ years' experience in Scripting tools like Python, Bash
- 1 year experience in TCL and iRules, Web application vulnerabilities
- 1 year experience in HTTP protocol and what HTTP application traffic looks like
#LI-RM1
R-10344434