Web Application Firewall - Sepang, Malaysia - AirAsia

Description

Job Description

Key Responsibilities include:

Configure and manage the WAF solution.

Create, deploy, maintain and troubleshoot WAF policies for new and existing web applications

Review vulnerabilities that impact web applications and develop WAF "Virtual Patching" solutions

Monitor and analyse activity logs to detect malicious internet traffic and indicators of compromise as well as to reduce false positive blocks

Review WAF usage and define means to improve and mature protection policies.

Own success/improvements/mitigations on WAF, this will be measured quarterly and yearly

Understand web applications at a sufficient level to work with developers to implement protective controls that may need to be customized for specific applications

Interpret web protocol information to determine source, intent, and risk of threat agents

Provide preventative maintenance, troubleshooting and quickly resolve problems to ensure infrastructure and application stability

Participate in technical design activities to ensure a sound design and any infrastructure impact is understood

Create and maintain technical documentation regarding the WAF infrastructure including network diagrams, policies and operational procedures for managing the infrastructure.

Work closely with stakeholders and partners to ensure security requirements are met and web-applications are adequately protected from cyber-attacks

Review vulnerability scan output and assess where WAF configuration can be used to mitigate attacks.

Basic understanding of data flow technologies such as routing, natting, arps and associated command line tools such as tcpdump

Awareness of mainstream operating systems and a wide range of security technologies including network firewall, IPS, and web proxy

Willingness to coach, mentor and support team members

Familiarity with Stackdriver logging with the capability to query and filter specific log entries based on various criteria leveraged to WAF in creating rule-based filtering and API protection.

Knowledge and experience of Cloudflare Products (added advantage):

WAF policy development for protecting existing applications

Experience in custom firewall rules, Anti-DDOS, Anti-Bot, Rate Limit, etc.

Reviewing and analysing security reports

Reviewing security techniques and technologies regularly to remain aware of best practice

Ensuring the operation of technical systems are consistent with policies and procedures

Following the latest security trends and vulnerabilities

Interest in BOT management and keeping abreast of industry trends

Qualifications and Experience:

Security Qualifications preferred Cloudflare, AliBaba or equivalent

Previous experience of working within a regulated environment in the financial services, Insurance industry, digital & web services.

Full understanding of the application project life cycle and process/procedure design.

Knowledge and hands-on experience of security tools. Experience in IPS, WAF, Load Balancers, Firewalls and Network Security

Experience in Application Security and Technologies

Experience in security vulnerability scanning. Experience with audit event collection and reporting tool sets

We are all different - one talent to another - that is how we rely on our differences. At AirAsia, you will be treated fairly and given all chances to be your are committed to creating a diverse work environment and are proud to be an equal opportunity employer.