WAF Operations and Implementation Support
Operations and Technical Advice
Monitoring applications over WAF for Security incidents (24*7 Service Window)
WAF Implementation, and Day-to-Day Task ,Application Integration, Testing ,Learning ,Blocking , Migrations.
Application Security Understanding,Creating, modifying, or implementing policies or rules.
Add, remove, and modify, update security policy parameters and attack signatures policies as per Airtel Africa business requirement and standard practices
Understanding of Network Protocol
Hand-on Packet Capture /Analyser
Perform WAF signature & hotfix updates.
Quarterly review the created Policy/Rule with Client
Respond to Ticket management tool requests for WAF Incidents, Changes, and Services.
Coordinate with OEMs for product related issues and bugs
Integrate SIEM & monitoring tool with WAF virtual appliances
Upgrading the Radware OS version from N to N-1 shall be considered based on the criticality of discovered vulnerabilities during the VA scan.
Assist the Client team in mitigating vulnerabilities or observations reported during security audits, VA&PT, and regulatory technology audits (internal, external, and concurrent) for and in WAF
Analyse security breaches, make required changes/additions, and report RCA for any WAF security incident
Support Window 24X7 ,
About and GRC Technology Automation
Similar jobs
Sr. Offensive Security Engineer:
Security engineers at Egnyte are involved in every stage of the SDLC pipeline to highlight security vulnerabilities and provide expert advice on reducing them. By promoting security principles, ongoing penetration testing, and developing “paved roads,” we’re able to provide our customers with a secure and reliable product.
We’re looking for a senior engineer who’s well-rounded in terms of application security and has in-depth expertise in offensive security/red teaming focused on product security.
You will be working closely with other security engineers will enable you to develop your expertise in a wide range of areas of your choosing.
To excel at this role, you need to be passionate about and proficient in hacking. We’re looking for someone who loves breaking into systems and is happy to help secure them by collaborating with software engineers by sharing expertise and providing actionable advice on remediation of identified issues.
WHAT YOU’LL DO:
- Perform high-quality penetration tests of Egnyte applications independently, or as part of a team
- Designing comprehensive plans for the security engagements and thoroughly documenting findings, gaps, and remediation recommendations
- Contributing to team tooling, innovation, and improvements
- Communicating and collaborating with other teams, product owners, engineering managers, and leadership to influence, prioritize, and drive the resolution of discovered security findings
YOUR QUALIFICATIONS:
- 5+ years of experience in a penetration testing or similar offensive security role
- 5+ years of professional experience with security engineering practices, including: web application security, mobile application security, authentication and authorization and other security disciplines
- 3+ years of experience with dynamic and manual code auditing to identify security issues
- 3+ years of experience with interpreted or compiled languages (e.g. Python, Java)
- Experience with threat modeling, design review, or other threat analysis techniques
Bonus points:
- Experience with mobile application penetration testing
- Knowledge of cloud service providers, especially Google Cloud
- Experience in various security domains (e.g. system and network security, authentication and security protocols, cryptography, application security, incident response)
- Experience in developing security tooling and automation
- Experience in CTFs, CVE research, and/or Bug Bounty programs
- Solid experience in designing, implementing, and securing cloud environments, including services such as EC2, S3, RDS, IAM, VPC, and CloudTrail.
- Strong understanding of DevOps methodologies and experience with CI/CD pipelines and tools (e.g., Jenkins, GitHub, SonarQube).
- In-depth knowledge of cloud security best practices, industry standards, and compliance frameworks (e.g., NIST, CIS, ISO 27001).
- Proficiency in scripting languages such as Python, Bash, Groovy.
- Experience with Infrastructure-as-Code (IaC) tools like AWS CloudFormation or Terraform.
- Familiarity with security scanning and monitoring tools, such as AWS Security Hub, GuardDuty, Inspector, or third-party solutions.
- Strong understanding of network security concepts, including firewalls, VPNs, and secure network architectures.
- Knowledge of secure coding practices and experience with application security testing tools (e.g., SAST, DAST, fuzzing, and secure coding patterns).
- Excellent problem-solving skills and ability to work collaboratively in a team-oriented environment.
- Participate in incident handling and other related duties to support the information security function.
- The ability to learn and apply new concepts quickly
- Strong written and oral communication skills
Security (AM/Executive)
• To design the security infrastructure / policies for the organisation, implement & monitor the same
• To ensure security compliance with respect to recommendations received from government agencies like CEA, NCIIPC
• Design, review, implement & monitor IT security related controls as part of Internal
• Controls, IFC, ERM
• ISMS certification (ISO 27001) for IT systems; this will include preparation and periodic review of policies and SOPs, regular trainings and maintaining records in prescribed formats
• Conducting internal security audit and generating reports by deploying VA tools
• Periodic security/VAPT audits and implementation of the findings
• IT security related new initiatives like - Security Operations Centre (SOC), Security Information and Event Management (SIEM), cloud security, EMM-enterprise mobility management
• Creating IT Security awareness within the organisation
Application Security Engineer
About us:
Foxit is remaking the way the world interacts with documents through advanced PDF and digital signature technology. We are a leading global software provider of fast, affordable, and secure PDF and digital signature solutions that are used by millions of people worldwide. Winner of numerous awards, Foxit has customers in more than 200 countries and global operations. We have a complete product line and an exciting and aggressive development schedule. Our proven PDF and digital signature technology is disrupting the status quo establishment and has accelerated our company growth. We are proud to list as customers Google, Amazon, and NASDAQ, and with your skills and help, we plan to add many more. Foxit has offices all over the world, including locations in the US, Asia, Europe, and Australia.
For more information, please visit https://www.foxit.com/
You would be working for the product Foxit eSign, India office which is registered with the name of eSign Genie Software Private Limited.
Job Brief
- Review Software applications for potential security vulnerabilities by conducting application security reviews i.e., Requirements review, Design review, Code Review.
- Clear Understanding and Hands on experience on OWASP Top 10 Vulnerability standards like XSS, SQL injection, session hijacking, and authorization bypass vulnerabilities.
- In-depth research on Web security, familiar with the origin of various Web security problems and solution, having a tracking of Security threats of network.
- Expertise in testing web application vulnerabilities and Network related vulnerabilities.
- Practical understanding and use of commercial application security tools
- Knowledge of the Vulnerability Fixations.
- Hands on development using Java / J2EE
- Solid understanding and experience with establishing application security policies across an organization.
- Good Documentation, reporting, Strong communication, and collaboration skills with various levels of executives from top management to technical team members across the organization.
- Strong self-starter who can operate independently.
What we offer you
- The chance to contribute to the creation of a sophisticated and appealing product, built from scratch with a fresh, global team!
- A fast, flexible, and rewarding incubator-like environment but with the solidity and seriousness of large and stable company in the background
- Be part of the exquisite team that will shell out the next big Foxit product all eyes on us!
- A Pluralsight subscription
- Competitive remuneration package
This profile will include following responsibilities:
- Perform Web Application Security Testing
- Perform Mobile Application Security Testing
- Scan Network for Security Vulnerabilities
- Co-ordinate with the clients for Project related queries
- Undertake meeting with the client teams for discussing security issues and recommendations
- Create detailed security reports
- Keep track of project progress & send regular updates
- Research on Open source security tools & new security topics
- Create Security Knowledge base for the teamThe candidate should be we well versed with application security concepts, including the mitigation techniques:
- Web Application Security – OWASP Top 10
- Mobile Application Security – Mobile OWASP Top 10
- Threat Modelling
- Risk Rating Frameworks
- Web Traffic Interception (For Web/Mobile apps)
- SSL
- Network Concepts
- Web Development Basics - HTTP/HTML/JavaScript
- Basic Mobile Application Concepts (either Android or IOS)
About Drip Capital & Tech Team
The engineering team at Drip Capital is responsible for building and maintaining the online global trade financing platform that supports the interactions between buyers, sellers, financing partners, insurance agents, global retail partners, trade agents, shipping & transportation companies, supply chain and warehousing companies worldwide.
Our primary goal is to ensure that customers are provided time-critical capital and at the same time balance requirements related to risk, fraud management, and compliance. The services are accessed by customers worldwide and hence the engineering systems need to be policy-driven, easily reconfigurable, and able to handle multiple regional languages. We use machine learning for risk classifications/predictions, intelligent document parsing subsystems, robotic process automation, REST APIs to connect our microservices, and a cloud-based data lake and warehouse for data storage and analysis.
Our team comprises talent from top-tier institutions including Wharton, Stanford, and IITs with years of experience at companies like Google, Amazon, Standard Chartered, Blackrock, and Yahoo. We are backed by leading Silicon Valley investors - Sequoia, Wing, Accel, and Y Combinator. We are a global company headquartered in Silicon Valley along with offices in India and Mexico.
Your Role
As an AppSec Engineer in Drip Capital’s engineering team, you will have the opportunity to take ownership of :
- Contribute to and improve secure SDLC practice
- Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
- Designing and implementing cloud and network security solutions.
- Do comprehensive threat modelling for our applications and infrastructure in an Agile flow
- Perform secure code review and security assessments of web, android and iOS applications, and cloud infrastructure (infrastructure as code).
- Proactively identify vulnerabilities across our platform and work with developers in fixing them.
- Automate and simplify security, as “Complexity is the enemy of Security”.
- Handle Vulnerability Management and Patch Management processes.
- Participate in the investigation related to Privacy/Security incidents and response activities.
- Work with DevOps to implement the security tools and automation of the security tasks.
- Mentor other engineers and evangelize security practices through cross-functional work with DevOps and engineering teams.
- Testing the deployed security solutions to make sure they function as planned.
Our Checklist
- A minimum of 4 years of experience as an AppSec Engineer
- Hands-on experience in secure design and architecture review of backend services, payments systems like payment gateways.
- Hands-on experience in secure code review and automation of common security workflows.
- Hands-on experience and a proven record of securing one or more of the cloud platforms: Azure, GCP, AWS and Hosted Cloud Solutions.
- Good understanding of OWASP and SANS testing methodologies.
- Good understanding of software security weaknesses and vulnerabilities.
- Good knowledge in securing architecture of web, mobile applications and cloud infrastructure.
- Ability to contribute as an individual and as part of a team
- Working knowledge of any scripting language; Python or Go preferred
- Experience in writing custom tools/scanners/extenders is a plus
- Red teaming experience is a plus
If you love to explore the security aspects of a distributed system that makes decisions related to global trade finance, let's talk!
Desired Skills |
To have skills: · Proven technical expertise in cyber security domains, i.e. endpoint security, application security testing. · Knowledge and experience in public cloud solutions. · Knowledge on network security, networking concepts and architectural implementations. · Knowledge on vulnerability testing and define proper remediation’s. · Shell scripting experience - Shell/Bash/Python. · Working experience of Linux operation.
Desire to have skills: · One or more of the following cyber security certifications: CEH, CISSP, OSCP, SSCP CCSP. · Excellent problem solving, and follow-up skills. · Ability to convey technical security concepts to non-technical audiences. |
-
- Manage a team of highly skilled security engineers
- Responsible for the security of all Ola applications.
- Enforce Security in SDLC, and ensure any identified vulnerabilities are fixed before a feature goes to production.
- Participate in the design review discussions to identify any security loophole, and recommend a secure design solution.
- Partner with engineering leaders across the company to help them prioritize security issues in their products.
- Run the Ola’s Bug Bounty program effectively.
- Develop a roadmap for future work to enhance security, derive a project plan, and ensure the completion of the project within the timelines.
- Mentor the team members and work towards their career growth.
Minimum Qualifications
- 7+ years of work experience in security engineering, including 2+ years of proven hands-on technical management experience of security engineers.
- Experience recruiting and managing technical teams, including performance management.
- Technical experience across security disciplines – web/mobile app security, infrastructure security, security operations center.
- Experience building relationships with stakeholders and business leaders.
- Must have Coding experience at least in one language.
- Knowledge of standards like PCI-DSS, ISO27001, GDPR etc.
BS/MS in Computer Science or equivalent experience
We are looking for candidates with the below experience.
- Mandatory experience on any of
a) Cylance Protect and Optics
b) Crowdstrike Falcon Insight
c) Sentinel One ActiveEDR
d) Carbon Black EDR
- Hands-on experience in security incident response lifecycle and its phases
- Should have experience in L1 and L2 in EDR
- Hands-on experience in event and log analysis on Windows endpoints
- Overall experience: 3-7 years, Relevant experience: 2+ years
Please note : Candidate should have experience in the below skills must :
- EDR Experience
- EDR Product Worked on and which level of support they are working on
- Incident Response
- Malware Analysis
- Flexible for shifts
- 5+ Years of leading an engagement.
- 5+ Years developing and implementing security operations and technology in large, complex enterprises in multiple industry verticals, across a wide range of technology platforms.
- 4+ Years on any Cloud Platform (AWS, Azure, Google, others).
- Master's or Bachelor's degree in Information Science / Information Technology, Computer Science.
- Deep hands-on experience leading the design, development and deployment of business software at scale.
- Experience with service-oriented architectures, private and public clouds and web services security.
- Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls, Infrastructure and Network Security, Data protection, and Incident response.
- Professional experience and good technical knowledge of application security, system security, network security, authentication/authorization protocols, and cryptography.
- Experience advising customers on architectures meeting industry standards such as PCI DSS, ISO 27xxx, SOC, HIPAA, GDPR, and NIST/DoD frameworks.
- Experience with enterprise risk management methods and techniques to drive successful outcomes in a global enterprise environment.
- Good understanding of Enterprise Networks, Security and Identity Access Management.
- Configuration management using CloudFormation and/or Chef/Puppet.
- Experience with agile approaches and Experience in DevOps or DevSecOps, and how they impact risk management and compliance.
- Hands-on technical expertise in technology automation, implementation, integration, and/or deployment using scripting and/or IaaC.
- Knowledge of professional software engineering practices & best practices for the full software development life cycle, including coding standards, code reviews, source control management, libraries building, build processes, testing, and operations.
- Demonstrated ability to mentor other software developers to maintain architectural vision and software quality.
- Experience taking a lead role developing complex software systems that have successfully been delivered to customers.
- Ability to travel to customer sites as needed.
PREFERRED QUALIFICATIONS:
- AWS Solutions Architect Certified.
- AWS Security Speciality Certified.
- CISSP, CCSP, CISM, and/or other comparable certifications.