WAF Engineer F5 Focused

RESPONSIBILITIES:

• Develop and refine complex custom WAF rules and features ensuring mitigation of Minimum Viable Product (MVP) and security posture gaps.
• Coding expertise to create effective testing mechanisms for baseline and custom WAF rules integrating these tests seamlessly into automation pipelines.
• Offer subject matter expert (SME) support in various security testing areas including WAF Proofs of Concept (PoCs)
• Provide specialized WAFfocused advice on web and API attack methodologies evasions and mitigation techniques leveraging your ethical hacking background.
• Contribute to DevSecOps / DevOps with security testing expertise to enhance the automation aspects of the project.

Requirements:

• Utilize ethical hacking skills to safeguard the organization from webbased attacks ensuring the protection of operations reputation and customer trust.
• Conduct indepth technical evaluations of WAF solution rulesets focusing on detection and prevention of web and API security threats.
• Develop custom WAF rules and features addressing gaps and enhancing overall security measures.
• Identify and counter technical strategies that bypass WAF solutions.
• Design and implement testing protocols to evaluate the effectiveness of various security initiatives including WAF rules and new features.
• Facilitate the integration of testing procedures into CI/CD pipelines
• Reverseengineer attacker tactics to create effective mitigation rules.
• Maintain and secure essential documentation and reports ensuring traceability and compliance.
• Inform the EPS Management team about emerging threats and vulnerabilities recommending countermeasures.
• Communicate effectively with a range of stakeholders providing updates on securityrelated matters
• Strong background in ethical hacking
• Extensive experience with webbased attack methodologies including knowledge of tools payloads exploits and countermeasures.
• Proficient in web application and API security.
• Skilled in identifying and mitigating WAF/IPS/CSPM security vulnerabilities.
• Expertise in developing custom WAF rules and security testing packages.
• Solid understanding of OWASP top 10 vulnerabilities.
• Proficiency in at least one programming language
• Ability to automate security testing within CI/CD pipelines.
• Knowledgeable in networking cloud firewalls and web technologies.
• Strong grasp of DevSecOps principles and practices.
• Awareness of Agile methodologies

WAF,F5,DevSecOps / DevOps