No more applications are being accepted for this job
- Configure and manage the WAF solution.
- Create, deploy, maintain and troubleshoot WAF policies for new and existing web applications
- Review vulnerabilities that impact web applications and develop WAF "Virtual Patching" solutions
- Monitor and analyse activity logs to detect malicious internet traffic and indicators of compromise as well as to reduce false positive blocks
- Review WAF usage and define means to improve and mature protection policies.
- Own success/improvements/mitigations on WAF, this will be measured quarterly and yearly
- Understand web applications at a sufficient level to work with developers to implement protective controls that may need to be customized for specific applications
- Interpret web protocol information to determine source, intent, and risk of threat agents
- Provide preventative maintenance, troubleshooting and quickly resolve problems to ensure infrastructure and application stability
- Participate in technical design activities to ensure a sound design and any infrastructure impact is understood
- Create and maintain technical documentation regarding the WAF infrastructure including network diagrams, policies and operational procedures for managing the infrastructure.
- Work closely with stakeholders and partners to ensure security requirements are met and web-applications are adequately protected from cyber-attacks
- Review vulnerability scan output and assess where WAF configuration can be used to mitigate attacks.
- Basic understanding of data flow technologies such as routing, natting, arps and associated command line tools such as tcpdump
- Awareness of mainstream operating systems and a wide range of security technologies including network firewall, IPS, and web proxy
- Willingness to coach, mentor and support team members
- Familiarity with Stackdriver logging with the capability to query and filter specific log entries based on various criteria leveraged to WAF in creating rule-based filtering and API protection.
- WAF policy development for protecting existing applications
- Experience in custom firewall rules, Anti-DDOS, Anti-Bot, Rate Limit, etc.
- Reviewing and analysing security reports
- Reviewing security techniques and technologies regularly to remain aware of best practice
- Ensuring the operation of technical systems are consistent with policies and procedures
- Following the latest security trends and vulnerabilities
- Interest in BOT management and keeping abreast of industry trends
- Security Qualifications preferred Cloudflare, AliBaba or equivalent
- Previous experience of working within a regulated environment in the financial services, Insurance industry, digital & web services.
- Full understanding of the application project life cycle and process/procedure design.
- Knowledge and hands-on experience of security tools. Experience in IPS, WAF, Load Balancers, Firewalls and Network Security
- Experience in Application Security and Technologies
- Experience in security vulnerability scanning. Experience with audit event collection and reporting tool sets We are all different - one talent to another - that is how we rely on our differences. At AirAsia, you will be treated fairly and given all chances to be your are committed to creating a diverse work environment and are proud to be an equal opportunity employer.
Web Application Firewall - Sepang, Malaysia - AirAsia
Description
Job Description
Key Responsibilities include:
Knowledge and experience of Cloudflare Products (added advantage):
Qualifications and Experience: