Senior Cybersecurity Engineer - Web Application Firewall

At Horangi, we’re passionate about building a safer cyberspace and creating software that solves challenging cybersecurity problems. Horangi focuses on building partnerships with our customers, developing an understanding of their business goals and building a security strategy that helps achieve their objectives. We enjoy solving tough security problems and we are eager to find new challenges and build new relationships.
As a Senior Cybersecurity Engineer, you will develop, support, tune and deploy Web Application Firewall security solutions for Horangi customers.  Primary day-to-day job duties involve:
-Web Application Security: Engineering, deployment, and operations of Web Application Firewall security solutions and integration of those platforms with other security solutions as required.-Performing hands-on Web Application Firewall deployment, configuration, policy fine-tuning and maintenance
This is a hands-on technical job. We are looking for an experienced candidate with extensive experience with Akamai, Cloudflare, Imperva, and/or AWS Web Application Firewall policy fine-tuning and administration.

What you will be doing

• Engineers, configures, deploys, and maintains Web Application Firewall solutions
• Develops advanced alerts/reports to meet the requirements of key stakeholders
• Develops automation for security tools management and workflow integration
• Collaborates with key stakeholders within Information Security and Engineering teams to develop specific use cases to address specific business needs
• Creates WAF rules/signatures to mitigate threats and implements best practices
• Creation and implementation of custom alerting in SIEM for investigations
• Works extensively with different stakeholders across Visa for tuning WAF policies or creating custom signatures
• Aids in gathering metrics for measuring Performance and Risk
• Provides ongoing support to existing monitoring capabilities and data collection systems.
• Provides development support for the expansion and implementation of new systems.

What you will need to succeed

• Over 5 years of experience in Cybersecurity engineering with experience that includes configuring and managing Web Application Firewalls.
• Expert Python Scripting, Perl, Shell scripting. Development experience in C++, Java, Java Script.
• Excellent experience with Regular Expressions
• Excellent experience with Security Incident and Event Management (SIEM)
• Solid understanding of web applications, web servers, application firewalls, frameworks and protocols with respect to web application development, deployment, and operation
• Extensive knowledge of Imperva, Akamai and/or Cloudflare Web Application Firewall configuration and management
• Extensive knowledge of web technologies and concepts
• Strong understanding of TCP/IP, web protocols and networking concepts
• Expertise in one or more areas such as operating systems, web services, programming languages, network devices, application vulnerabilities and attack vectors
• Experience in reviewing and analyzing log files and data correlation
• Excellent Logical and Practical understanding of SSDLC
• Experience with managing Web/Application Servers  
• Scripting/programming using Python
• Excellent understanding and hands on experience with Java and/or .NET technologies
• Excellent understanding of PKI Technology
• Excellent knowledge of open source and commercial application security tools and frameworks, including but not limited to Kali Web application testing tools
• Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks. 
• Excellent understanding of OWASP Risks, Vulnerabilities and Mitigation Mechanisms
• Experience with Web Application Firewall management and rules
• Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework etc.)
• Excellent understanding of DDoS techniques and mitigation mechanisms
• Solid understanding of Incident Response Process
• Prior experience in Security Operations and Incident Response
• Excellent understanding of Cyber Security Operations, Incident Response processes
• Excellent communication skills
• Excellent team player
• CISSP, SANS GCIA, SANS GIAC, and/or AWS Security is a Plus
• Bachelor’s degree in engineering, computer science, information security, or information systems