Job Specifications
Job Description: WAF & Application Security SME
Birmingham
The health and safety of our employees and candidates is very important to us. Due to the current situation related to the Novel Coronavirus (2019-nCoV), we're leveraging our digital capabilities to ensure we can continue to recruit top talent at the Bank Group. As your application progresses, you may be asked to use one of our digital tools to help you through your recruitment journey. If so, one of our Resourcing colleagues will explain how our video-interviewing technology will be used throughout the recruitment process and will be on hand to answer any questions you might have.
Some careers shine brighter than others
If you're looking for a career that will help you stand out, join Bank and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, Bank offers opportunities, support and rewards that will take you further.
Bank is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.
Programme Summary
Bank has a large volume of globally distributed internet web applications, and a larger volume of internal web applications, hosted across many countries and time zones. These web applications are hosted in both Bank-operated datacentre and Cloud Service Provider environments.
The Bank Web Application Firewall strategy aims to unify and deploy coherent, consistent, and uniform protection across the Bank for both internet and internal web applications, in conjunction with other strategies. Additionally, it is paramount to ensure not only that the technology is in place and performing properly, but also that the people and processes are appropriate to ensure that Bank is protected.
The role
The role holder will play a critical part in enhancing our Web Application Firewall (WAF) across multiple solutions and applications and will be pivotal in crafting, testing, and implementing advanced WAF uplifts.
This role involves a strong focus on WAF efficacy and security posture uplift by crafting efficacy testing, custom rules and configurations; additionally, the role will cover WAF tuning via detailed log analysis, false positive detection and mitigation, and making tuning and configuration recommendations. The ideal candidate will have experience in SOC or CSIRT and AppSec or Ethical Hacking for in-depth log analysis and have previously worked with at least three major WAF vendors such as Akamai, F5, AWS, GCP, etc.
The successful candidate will help defend the organization and its customers from web-based attacks that could cause substantial harm to the company's operations, reputation, and customers. They will monitor and review tuning requests, proactively assist with identifying false positives, provide expert recommendations, and stay updated with the latest web security threats and trends to ensure optimal protection and performance.
Key Responsibilities
Identification and crafting of complex custom WAF rules & features to mitigate MVP and security posture gaps
Crafting efficacy testing for baseline & custom rules and features and integrating testing in the automation pipelines
Providing SME support for other security testing such as WAF PoCs, new features and solutions - with a potential cost saving if we use in-house resource instead of 3rd party vendors
Providing WAF focused SME support and advice on Web & API based attack methodologies, evasions and mitigation techniques
Providing DevSecOps SME & pipeline build support for the automation works
Monitor and review all tuning requests.
Conduct detailed log analysis to identify false positives and optimize WAF rules for improved accuracy and performance.
Create and maintain comprehensive documentation for WAF tuning, tuning procedures, policies, and configurations.
Develop, test, and recommend WAF policies and rules tailored to specific applications and environments.
Proactively assist with identifying false positives
Collaborate with cross-functional teams to ensure seamless integration of WAF solutions into existing security infrastructure.
Provide recommendations for WAF configuration based on best practices and security requirements.
Perform regular assessments and audits of WAF configurations to ensure optimal security posture and compliance with industry standards.
Stay updated with the latest web security threats, vulnerabilities, and trends to continually enhance WAF effectiveness.
Key Accountabilities
Help defend the organization and its customers from web-based attacks that could cause substantial harm to the company's operations, reputation, and customers
Conduct detailed analyses and technical evaluations of various Web Application Firewall (WAF) solution rulesets and
About the Company
Coforge is a global digital services and solutions provider, that enables its clients to transform at the intersect of domain expertise and emerging technologies to achieve real-world business impact. A focus on very select industries, a detailed understanding of the underlying processes of those industries, and partnerships with leading platforms provides us with a distinct perspective. Coforge leads with its product engineering approach and leverages Cloud, Data, Integration, and Automation technologies to transform client...