Imperva WAF - Immediate Need - Direct Client

26 Mar 2024

Vacancy expired!

Hi, we have a direct client requirement for Imperva/WAF @ Miami, FL

Role: Imperva/WAF

Location: Miami FL

Duration: Long Term

Job Description:
  • Experience working with a web application firewall to detect and block attacks
  • Hands-on experience manually pen testing APIs for business logic flaws
Imperva/WAF
  • Detecting anomalous or suspicious behavior against our external sites or APIs using our WAF (currently using Imperva cWAF)
o Create explicit rules to block or alert on suspicious rules
o Review alerts from our WAF or other systems to determine if anomalous behavior is malicious or expected
o Create and monitor dashboards for web and API traffic
o Train and assist SOC team to detect and respond to anomalous or suspicious behavior
o Create and modify custom advanced bot protection rules using code
  • Promptly responding to all security incidents including DoS, fraudulent activity, enumeration of customer data or blocking of legitimate users.
o Determine the root cause
o Remediate or mitigate the root cause if it is security related
o Determine the long-term security improvements
o Work with developers and operations teams to drive to the long-term security improvements
Application Pen Tester/Security Architect
  • Reviewing current system security measures, architecture, and business flows
o Review any major projects for security issues and suggest improvements
o Review API documentation, traffic, and source code for any security issues and leaking of customer data
o Penetration test APIs and web frontends
  • Need to pen test like a bad actor and not depend on automated tools
o Review end to end customer transactions for security issues, especially security issues unique to telecommunications like phone number takeover.
  • Need to fully understand all systems and find flaws with the interactions of all systems, including:
  • Web front end behavior
  • APIs (Internal and External facing)
  • Internal Systems
  • Call center agents’ policies and systems
  • Data storage in database
  • How and what is logged in various systems
  • Interactions with third parties
o Translate all improvements or gaps to achieve discrete changes
  • Logically split the changes based on how they will be implemented and our architecture
  • Must understand how to make the change as robust as possible, while minimizing the time it takes to make the change and the risk of impacting customers
  • Document the change and all necessary security requirements
  • Document all security test cases that testers need to complete
  • Work with developers and testers so that they fully understand how to implement security changes
  • Review test cases and perform acceptance testing of the changes
DevOps Tooling Expert
  • Improve the security of the SDLC
o Work with developers so they understand risks and issues
o Add additional automated security checks in Jenkins pipelines
o Review detected issues for false positives
o Work with developers to prioritize and work through any backlog of items
o Review requests for exceptions
  • Adopt new security scanning tooling
o Work across different orgs and teams to drive adoption of security scanning tooling
o POC new scanning tool in Jenkins pipelines and troubleshoot issues
o Compare scanning quality of multiple tools
o Create self-service options for scanning
o Create project plans to drive adoption of new tooling

  • ID: #49552821
  • State: Florida South florida 33101 South florida USA
  • City: South florida
  • Salary: Depends on Experience
  • Job type: Contract
  • Showed: 2023-03-26
  • Deadline: 2023-05-22
  • Category: Et cetera