Job Description

Akamai WAF engg.

1. · Extensive experience in Akmai WAF management, tuning, and engineering, with a strong understanding of web application security principles.
2. · Proven track record of proactively identifying and mitigating false positives to optimize WAF performance.
3. · Background in SOC or CSIRT environments, demonstrating hands-on experience in in-depth log analysis.
4. · Proficiency in log analysis tools and techniques, with the ability to identify patterns and anomalies in web traffic

͏

1. · Consult with Capability Lead to deliver Web Application and API Protection for our critical applications, primarily on the Akamai platform.
2. · Monitor and review all tuning requests.
3. · Conduct detailed log analysis to identify false positives and optimize WAF rules for improved accuracy and performance.
4. · Create and maintain comprehensive documentation for WAF tuning, tuning procedures, policies, and configurations.
5. · Develop, test, and recommend WAF policies and rules tailored to specific applications and environments.
6. · Proactively assist with identifying false positives
7. · Collaborate with cross-functional teams to ensure seamless integration of WAF solutions into existing security infrastructure.
8. · Collaborate with Application teams to enable web application protection.
9. · Deliver anti-bypass protection for on-premise application currently using Akamai.
10. · Provide recommendations for WAF configuration based on best practices and security requirements.
11. · Perform regular assessments and audits of WAF configurations to ensure optimal security posture and compliance with industry standards.
12. · Maintain evidence for audit and regulatory asks
13. · Deliver monthly / quarterly business reviews for application owners to show the effectiveness of the WAF control.
14. · Stay updated with the latest web security threats, vulnerabilities, and trends to continually enhance WAF effectiveness.
15. · Evaluate, design, and deliver new and alternative WAAP features and/or solutions.

͏

1. Ensuring alignment with capability lead and control owner to deliver consistent WAAP policies across multiple infrastructures.
2. · Ensuring timely and accurate review and action on all WAF tuning requests.
3. · Conducting thorough log analyses to effectively identify and mitigate false positives, ensuring optimized WAF rules.
4. · Maintaining comprehensive and up-to-date documentation for all WAF tuning procedures, policies, and configurations.
5. · Developing and recommending tailored WAF policies and rules for various applications and environments.
6. · Proactively identifying and addressing false positives to enhance overall WAF accuracy.
7. · Collaborating effectively with cross-functional teams to integrate WAF solutions seamlessly into existing security infrastructure.
8. · Collaborating effectively with application teams to enable WAF protection across HSBC.
9. · Ensuring connectivity to origin servers on premise only comes through Akamai to prevent direct to origin attacks.
10. · Providing expert recommendations for WAF configurations based on best practices and current security requirements.
11. · Performing regular assessments and audits of WAF configurations to maintain optimal security posture and compliance with industry standards and maintaining evidence.
12. · Performing service reviews with accountable service / application owners.
13. · Staying informed about the latest web security threats, vulnerabilities, and trends to ensure continuous enhancement of WAF effectiveness.
14. · Review existing and new solutions to deliver best in class protections.

͏

͏