Application Security|4-6 years|Hyderabad
One of our leading insurance clients is in need of a Senior Web Application Firewall engineer (based on Imperva). The Web Application Firewall engineer would work closely with our client's IT Security team on risk assessments, developing and testing implementation plans, and providing solutions around web application security.
• Strong oral and written communication skills.
• Ability to work under high stress and pressure.
Security Experience
• Knowledge of the common application and infrastructure level vulnerabilities - ability to explain these risks to developers and senior management.
• Ability to evaluate technical and functional specifications early within the software development process, identify possible threats or areas of weakness.
• Platform: Although this role is not a systems administration position, the candidate must have deep knowledge of at least one primary operating system (Unix or Windows), the configuration and management of that platform at an enterprise scale, the security risks to that platform, and how to mitigate those risks.
• Network security: The candidate will be expected to understand the standard network model and the risks present at each layer, the functions of network equipment such as switches, routers, firewalls, proxies, VPNs, and load balancers, and to understand network architecture.
• The candidate should have expertise with security-related topics such as authentication, entitlements, and identity management.
• Understanding of OWASP Top 10 and experience in implementing OWASP security principles in web services and applications.
• An ability to provide solutions to common web application vulnerabilities, e.g. SQL injection, cross-site scripting, web cookie security, session management, etc.
• Thorough technical proficiency with common commercial and/or open source vulnerability assessment tools and techniques used for evaluating operating systems, networking devices, databases and web applications.
• Broad knowledge of security best practices, security solutions, and methodologies for conducting advanced security assessments, to include manual assessments and malicious user testing.
• Experience deploying and configuring application security technologies - Web Application Firewalls.
• Perform risk assessments on IT products and services and make appropriate recommendations.
• Develop and implement security test plans, compensating controls, policies, and procedures.
• Familiarity with and experience securing UNIX/Linux/Application servers.
• OSCP/E, GWAPT, GPEN, or GXPN certification(s).