Imperva WAF Engineer

Primary Skill: knowledge on OWASP top 10 vulnerabilities Web application firewall ( WAF )

Work youll do

Develop and implement comprehensive WAF protection strategies that align with clients security requirements and business objectives.

Design & Implement all the WAF functions like DDoS Protection Attack Analytics ClientSide Protection Runtime Application SelfProtection (RASP) API Security Advanced Bot Protection as per the Security requirements.

Provide oversight (incl. metrics risks and issues escalation management).Prioritize incidents and service tickets changes adhoc requests

Continuously assess and adapt the WAF protection posture to address emerging threats and vulnerabilities.

Lead the Implementation configuration and management of Imperva WAF solutions across client environments.

Ensure optimal performance scalability and availability of the Imperva WAF infrastructure.

Monitor and analyse activity logs to detect malicious internet traffic and indicators of compromise as well as to reduce false positive blocks

Collaborate with the incident response team to address and resolve WAF incidents swiftly and effectively.

Provide expert guidance and consult with clients on Imperva WAF protection strategies best practices and solutions.

Conduct periodic review of WAF rules and data sources and periodic discussion with other Network Security teams to discuss / validate WAF policy/rule creation and tuning

Execute reports based on the business requirements; Work with business to oversee unstructured folder remediation

Provide oversight for operational incident tickets (P1/P2/P3) or service requests as per the agreed upon SLOs. Support with response to helpdesk inquiries L1/L2/L3 review triage and response to alerts triggered from the data protection solutions

Configure/ tune new and existing rulesets/policies for WAF as per the Clients requirements.

Regularly monitor and analyze the performance of Imperva WAF solutions to ensure they meet defined security and performance standards.

Implement optimization strategies to enhance the efficiency of WAF mitigation.

Maintain detailed documentation of configurations incident response procedures and best practices.

Prepare and deliver comprehensive reports on the status and effectiveness of Imperva WAF protection measures.

Qualifications Required:

6yrs plus experience with at least 2 years experience in WAF design implementation and operations.

Knowledge and handson experience of security tools. Experience in IPS WAF Load Balancers Firewalls and Network Security

Strong knowledge of web application security concepts OWASP Top 10 vulnerabilities and related mitigation techniques.

Experience with data protection and management techniques and process integration preferably within an enterprise organization or 3 years of experience with security architecture and engineering of network infrastructure and cloud technology preferably in multitenant environments.

Understanding of the entire ecosystem of network security including wellrounded understanding of the information security domains and their interrelations across that ecosystem.

Hands on experience with Design Implementation & operation of Imperva WAF.

Proven experience in configuring managing and troubleshooting Imperva Web Application Firewall solutions.

Level 3 experience with WAF Design & Implement support in enterprise/large corporate environment.

Contributed as Subject Matter Expert (SME) role on network security technologies.

Configured and deployed WAF related Policies for various Security Devices.

Created process documents SOPS and runbooks for managing daytoday operations

Excellent knowledge of ITIL and having strong capability to define execute and enforce key ITIL processes like incident problem and change management.

Able to plan schedule track and report on simple project timelines/milestones using collaboration tools such as ServiceNow / Jira.

Preferred:

Imperva or AWS WAF related trainings or certifications is a plus.

Experience with leading and advising clients on security to include risk governance technology regulatory drivers and IT security and frameworks such as NIST ISO ITIL standards Excellent communication/planning/organizing skills to create an efficient work environment one conducive to teamwork and collaboration and encourage good communication between Client employees and management. Knowledge of cloud security and DevSecOps practices. Prepared and ensured the standards procedures are in place for the work of his or her team.