Job Requisition ID: 36702
1. Work in a highly innovative and transformative business
2. Mentoring, growth and training – receive support and coaching to progress your career
3. Preventive and supportive mental health initiatives
Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization
What will your typical day look like?
The Web Application Engineer will have a strong background in cybersecurity and understanding of web application security practices. The primary responsibility of the WAF Engineer will be to ensure the effective deployment, configuration, and maintenance of our web application firewall systems for Global customers. This role requires expertise in Web Application Firewalls as well as experience with alerts and detections and data log analysis.
Role Specific Responsibilities
4. Web Application Firewall Management: Oversea the deploy, configuration, tracking and maintenance of web application firewall systems to protect our web applications against potential threats and vulnerabilities.
5. WAF Security Incident Response: Monitor and analyze security events, alerts, and logs generated by the web application firewall systems. Investigate and respond to potential security incidents, working closely with the Security Operations Center (SOC) and Cybersecurity teams.
6. Detection and Analysis: Develop and maintain detection rules, alerts, and reports to proactively identify and mitigate risks within the WAF. Provides investigation findings to relevant business units to help improve information security posture.
7. CDN Integration: Collaborate with the infrastructure and application teams to integrate the web application firewall with CDNs such Akamai and Radware, ensuring seamless traffic management and content delivery.
8. Vulnerability Assessment: Utilize WAF data to identify potential vulnerabilities and recommend appropriate remediation measures to customers.
9. Documentation and Reporting: Maintain accurate documentation of WAF configurations, policies, and procedures. Prepare reports and metrics related to web application security, including trends, incident summaries, and mitigation strategies, as needed.
10. Collaboration and Training: Collaborate with cross-functional teams to ensure effective communication, knowledge sharing, and alignment of security objectives. Provide training and guidance to other team members on WAF best practices and security awareness, as needed.
11. Collaborate with key stakeholders and senior leaders such as CISOs, CIOs and directors within Cybersecurity, Engineering, and Development teams to address business needs and security requirements.
12. Serve on teams and task groups for projects/initiatives within the business unit and/or across the organization.
About the team
Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.
Enough about us, let’s talk about you.
You are someone with:
Technical Skills
13. Bachelor's Degree/University Degree and/or Undergraduate Diploma in Information Security, Information Technology, Computer Science, Engineering, or equivalent years in experience
14. Strong knowledge of web application security concepts, OWASP Top 10 vulnerabilities, and related mitigation techniques.
15. Strong technical background with Akamai or Radware Web Application Firewall (WAF) technologies and bot mitigation security policies.
16. Proficiency in deploying and managing web application firewalls, preferably with experience in AKAMAI and RADWARE or similar tools.
17. Understanding of API security issues and API authentication.
18. Previous experience in a Security Operations Center (SOC) or performing cybersecurity analysis is highly desirable. Prior experience working with Splunk for security event management, log analysis, and threat detection.
19. Good understanding of information security principles and policy enforcement.
20. Solid comprehension of HTTP protocol and demonstrated ability to troubleshoot using HTTP logs.
21. Strong technical background in web development and familiarity with potential attack vectors/methods.
22. Understanding of DNS, Networks, Firewalls, SSL Certificates.
Preferred:
23. Knowledge of Web Application Firewall technologies (Akamai and Radware)
24. Ethical hacking
25. ServiceNow experience
26. Technical documentation experience
27. Familiarity with cloud security services, concepts, and best practices
28. CISSP, CISM, CISA, GIAC or other security certifications are desired