WAF Specialist
Barcelona, SPAIN IT development
Job description
About the Job
Security for Applications (SFA) is an organizational cluster of global security capabilities designed to safeguard software applications from potential threats. SFA is part of the wider Security Services group and core Information Security Operations pillar of Allianz Technology.
We are seeking a skilled and proactive Web Application Firewall (WAF) Specialist to join our cloud WAF team. The ideal candidate will play a crucial role in safeguarding our web applications and APIs against evolving cyber threats. You will be responsible for designing, implementing, and optimizing WAF rules, responding to security incidents, and working closely with DevOps and security teams to ensure robust protection for our web properties.
What you do
- Design and implement WAF rules to mitigate vulnerabilities and protect against OWASP Top 10 threats, such as XSS and SQLi, while configuring and optimizing WAF policies with positive and negative security models.
- Monitor and adjust rate-limiting, IP allow/deny lists, and bot protection, responding to security incidents and providing real-time WAF tuning to mitigate threats.
- Conduct root cause analysis (RCA) for WAF-related incidents, recommending improvements and using WAF tools and dashboards to monitor real-time threats and trends.
- Generate reports and provide insights to stakeholders on WAF effectiveness and security posture, collaborating with DevOps, SecOps, and application development teams for seamless WAF integration into CI/CD pipelines.
- Regularly update WAF configurations to address new vulnerabilities, emerging threats, and application changes, conducting performance analysis to minimize latency impact while maintaining security.
- Document WAF configurations, incident handling procedures, and best practices, training internal teams on Akamai security solutions and WAF configurations.
- Ensure continuous improvement in security measures by staying updated with industry trends and advancements in WAF technology.
What you bring
- Proficiency in threat analysis, incident response, and log monitoring, with familiarity in web application architectures, HTTP/HTTPS protocols, DNS, and CDNs.
- Experience developing Jenkins jobs and using git source code repositories, with knowledge of SIEM tools, log analysis platforms like Splunk and Datadog, and traffic analysis tools.
- Security certification like CISSP or CEH is an added advantage, alongside a Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
- Excellent written and verbal communication skills, with the ability to work collaboratively across teams in a multinational environment.
- Strong analytical and problem-solving skills, capable of managing multiple priorities in a fast-paced environment.
- 2+ years of experience as a web application developer, preferably using Java. Skilled in scripting and automation tools, such as Python and Bash, for managing WAF configurations.
- 3+ years of experience managing Web Application Firewalls, with hands-on experience mitigating OWASP Top 10 vulnerabilities and securing web applications/APIs; experience with Akamai WAF and security solutions is a plus.
What we offer
- We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working, including up to 25 days per year working from abroad.
- We believe in rewarding performance and our compensation and benefits package includes a company bonus scheme, pension, employee shares program and multiple employee discounts (details vary by location).
- From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery and empowerment are fostered.
- Flexible working, health and wellbeing offers (including healthcare and parental leave benefits) support to balance family and career and help our people return from career breaks with experience that nothing else can teach.