7+ WAF Jobs in India

Designation: DevSecOps Engineer

Location: Hyderabad

Work Mode: Office

Reporting to: Associate Director- DevOps

About the Role: As a DevSecOps Engineer at Foundation AI, you'll lead efforts to enhance security for infrastructure and products. You'll need technical expertise in identifying and addressing security vulnerabilities, ensuring compliance, and integrating security best practices across the development lifecycle. Your role also involves collaborating with cross-functional teams to embed security throughout the development process.

Responsibilities:

● WorkLocation Commitment: As a DevSecOps Engineer, you'll be expected to work from our office in Hyderabad. This reflects our preference for in-person collaboration and a commitment to team cohesion.

● Rich Industry Experience: You should possess a substantial 3-6 years of experience in DevSecOps and DevOps & should have worked for product-based companies (Startup/Scaleup). This extensive experience underscores your ability to navigate complex DevsecOps challenges effectively.

● Infrastructure as Code (IaC) Security: Ensuring that application configurations are secure and compliant with security policies. Performing security checks on infrastructure code (e.g., Terraform, CloudFormation) to ensure that resources are provisioned securely.

● Operating System Expertise: Your command over operating systems is particularly vital, with a strong emphasis on Linux. This expertise ensures a solid foundation for managing and optimizing system-level operations.

● DevSecOpsMethodology: By incorporating security into the DevOps workflow, DevSecOps aims to identify and mitigate security vulnerabilities more effectively, reduce the risk of security breaches, and accelerate the delivery of secure software.

● Static Application Security Testing (SAST): Scanning the code for security vulnerabilities using tools like SonarQube, Checkmarx, or Fortify as part of the build process.

● DynamicApplication Security Testing (DAST): Conducting security testing on running applications to find vulnerabilities that attackers can exploit. Tools like OWASP ZAP or Burp Suite can be integrated into the pipeline

. ● Effective Communication and Collaboration: Exceptional communication and collaboration skills are essential. You'll work closely with cross-functional teams, bridging the gap between development and operations, and ensuring smooth coordination.

● Cloud-Native Proficiency: Knowledge of security tools specific to cloud-native environments, such as container security scanners, cloud security posture management (CSPM) tools, and cloud workload protection platforms (CWPP).

● Understanding Distributed Computing: A solid grasp of Distributed Computing principles is fundamental. It enables you to design and implement systems that can handle complex, distributed workloads effectively.

● CodingProwess: Your coding skills, particularly in Bash Shell Scripting and Python, will play a pivotal role. These skills empower you to automate tasks and develop tools to enhance system reliability and efficiency.

 Role:

● AssistSDEsandDevOpsteamsonsecuredeploymentandbestpractices. ● CreateaKnowledgebaseonsecurityvulnerabilitiesandtestcases.

● PerformsecuritytestingonWebandMobileassetsthroughachecklist

● WorkcloselywiththeProduct teamandSDE/QAtofixvulnerabilities/ issues faced by customers

● Performredteamandphishingexercisestoimprovesecurityposture

● Assist/mentor teammates on security test cases and day-to-day activities

● Workonincidentmanagementandthird-partysecurityreports

● Initiateandimproveresponsibledisclosure/Bugbountyprogram

●Brownbagsessionsandpresentationstothetechteamonsecuritybestpractices and improvements

● Work closely with business stakeholders and influence the security policy of the org .

• Solid experience in designing, implementing, and securing cloud environments, including services such as EC2, S3, RDS, IAM, VPC, and CloudTrail.
• Strong understanding of DevOps methodologies and experience with CI/CD pipelines and tools (e.g., Jenkins, GitHub, SonarQube).
• In-depth knowledge of cloud security best practices, industry standards, and compliance frameworks (e.g., NIST, CIS, ISO 27001).
• Proficiency in scripting languages such as Python, Bash, Groovy.
• Experience with Infrastructure-as-Code (IaC) tools like AWS CloudFormation or Terraform.
• Familiarity with security scanning and monitoring tools, such as AWS Security Hub, GuardDuty, Inspector, or third-party solutions.
• Strong understanding of network security concepts, including firewalls, VPNs, and secure network architectures.
• Knowledge of secure coding practices and experience with application security testing tools (e.g., SAST, DAST, fuzzing, and secure coding patterns).
• Excellent problem-solving skills and ability to work collaboratively in a team-oriented environment.
• Participate in incident handling and other related duties to support the information security function.
• The ability to learn and apply new concepts quickly
• Strong written and oral communication skills

Role : Full-Time Individual Contributor (IC)

Reporting to : Solution Architect / Program Manager

Education : BTech/ BE / MCA / MSc Computer Science

Industry : Product Engineering Services or Enterprise Software Companies

About Us

CLOUDSUFI is a Silicon Valley-based specialist Data Engineering & Cloud Technologies player with top-tier clients, favorable revenue mix, strong financial performance, and robust management. We pride ourselves in helping in the Data Discovery, Insights and Monetization for organizations. We offer quality of work, opportunities to learn new platforms/technologies that will help young engineers put themselves ahead in their careers compared to their peers in the IT Services industry. CLOUDSUFI is a Data Science and Product Engineering company building Products/Solutions for Technology and Enterprise industries leveraging the advent of Cloud Hyper Scalers and AI/ML, NLP technologies. The organization is built to scale with strong external/ internal tech capabilities and governance standards. Started in 2019, CLOUDUSUFI is a family of 250 members working towards a common goal of making the enterprise data dance. To know more, please visit https://cloudsufi.com

ABOUT THE ROLE

InfoSec Engineers will participate in all phases of a typical DevOps pipeline: plan, code, build, test, release, and deploy. He/she will be scanning our networks, applications, and containers (images). In addition to the Vulnerability Management platform, this individual will support and/or serve as a backup for AWS WAF, Guard Duty, PagerDuty, and CloudFlair security platforms.

This Includes: ● Work independently with vendors and collaborate with colleagues ● -Experience on monitoring and operation of AWS cloud infrastructure ● -Experience with AWS automation tools Terraform ● -Analyzing, Troubleshooting and resolving issues with the cloud monitoring tools as Datadog and Cloudflare ● -The ability and skill to train other people in procedural and technical topics ● -Strong communication and collaboration skills

ABOUT YOU ● 3+ years’ experience with Tenable.io platform ● 3+ years’ experience with AWS orchestration via Terraform script ● 3+ years’ experience with CloudWatch/CloudTrail/Guard Duty ● 3+ years’ experience with AWS WAF ● 3+ years’ experience with CloudFlare ● 2+ years’ experience with DataDog ● Experience with PagerDuty ● Ability to make nuanced threat assessments ● Experience with the NIST family of Information Security-related publications including 800-37, 800-30, and 800-53 ● Significant experience with PCI, SOC2, SOX, HIPAA, or other compliance regimes Salary: Best as per Industry Standards

Responsibilities :

• Determine the scope based on requirements, designing and building security components, and testing efforts, including stating the scope of work, calculating the resources, required in delivering the services and advising the senior system engineer preparing the quotation
• Install and configure services as per the approved implementation plan
• Carry out technology, professional and maintenance support services as per scope within the stipulated duration/ timeline.
• Provide level 1/2 support (basic hardware break-fix & troubleshooting of hardware and software issues) for installed services
• Provide technical deliverables such as high-level design documents, user acceptance test (UAT) doc and as-built documentation
• Provide outstanding quality of service and meet predefined customer service level agreements (SLAs)
• Undergo technical training and obtain technical certifications that are required to meet suppliers' mandatory technical requirements
• Conduct knowledge transfer training (where required)

Knowledge, Skills and Experience :

• Minimum 3 years of relevant experience
• Certified in at least one of the technology domain (Infrastructure hardware and software, network, security)
• Expertise on any two firewalls Specially - Palo Alto, Checkpoint, Fortinet, WAF
• Strong technical knowledge on the assigned solution domain/product
• Expertise in enterprise security products implementation, migration and support.
• Implements security solutions infrastructure and/or application including the design, configuration, development, testing and deployment of security-related technologies such as Firewalls, WAF, LB , IDS/IP
• Strong interpersonal skills with a customer-centric attitude; oral and written communication skills
• Strong attention to technical details, priority management and planning skills
• Ability to work independently with little to no supervision
• Results-oriented
• Security Certifications such as CCNP/CCIE Security or CCSA/CCSE/CCCP/PCNSE/Fortinet NSE1/2/3/4 are desirable

What's In It For You?

• Elective Benefits: Our programs are tailored to your country to best accommodate your lifestyle.
• Grow Your Career: Accelerate your path to success (and keep up with the future) with formal programs on leadership and professional development, and many more on-demand courses.
• Elevate Your Personal Well-Being: Boost your financial, physical, and mental well-being through seminars, events, and our global Life Empowerment Assistance Program.
• Diversity, Equity & Inclusion: It's not just a phrase to us; valuing every voice is how we succeed. Join us in celebrating our global diversity through inclusive education, meaningful peer-to-peer conversations, and equitable growth and development opportunities.
• Make the Most of our Global Organization: Network with other new co-workers within your first 30 days through our onboarding program.
• Connect with Your Community: Participate in internal, peer-led inclusive communities and activities, including business resource groups, local volunteering events, and more environmental and social initiatives