Career Opportunities

This is a full-time contract/consulting position with Concordis. In addition to the full transparency of knowing the bill rate to the end client, you will receive:

$1 for $1 matching 401(k) with NO vesting period!, medical insurance, dental insurance, vision insurance, life insurance, STD, LTD, PTO, paid holidays, and more. Plus, you’ll never be asked to sign a non-compete letter before submitting you to a career opportunity. Client and consultant alignment with zero conflict of interest. 

Job Overview:

The successful candidate for the Web Application Firewall Engineer role will support the deployment of modern Web Application Firewalls across Client’s ecosystem of products and services. You will develop SIEM alerts and playbooksspecific to WAF events that will trigger and support incident response procedures. You will work with world class staff and tools to identify, monitor, and address web basedattacks, while participating in a next-generation security organization. This senior position will drive security solutions relevant to Web Application Firewalls and SIEM use case development.

You’ll be responsible for providing guidance and building real world mitigation steps to identified information risks. The successful candidate will be required to assess security flaws, determine mitigation strategies and drive fixes to resolution. You will apply your strong Application Security background by assessing Client’s product environment and supporting the deployment of WAF technologies and SIEM configurations.

Responsibilities:

• Partner with Product Security, SaaS Operations, and Engineering teamsto evaluate, select, and implement WAF services at scale
• Work with Engineering teams to coordinate WAF onboarding, explaining and coordinatingany architectural or configuration changes required to support WAF deployment
• Develop new SIEM content (Securonix Snypr) for Security Operations personnel including correlations, enrichments, dashboards, reports, and alerts that appropriately characterize the importance of WAF events
• Document and develop tools and processes to assist SOC and SIRT personnel in incident response, log collection, and review
• Alleviate time-consuming SOC analyst tasks and improve SOC processes through Security Orchestration, Automation and Response (SOAR)
• Develop actionable information in the form of technical indicators, reports, lists, rules, signatures, or signals and warnings

Requirements:

• 7-10+ years as a Security Engineer with strong Application Security experience
• Extensive hands on/configuration experience with Web Application Firewalls (Akamai, Imperva, CloudFlare, etc.)
• Extensive experience with responding to WAF events and developing incident response plans
• Experience configuring SIEM alerts based on WAF events and correlating them to backend server logs
• Experience with modern web applications frameworks, their security requirements, and layer 7 attack mitigations (OWASP/SANS)
• Strong proficiency in AWS and other public cloud platforms
• Strong scripting skills (bash, python, ruby, Go, etc.)
• Proficiency with security tools like WhiteSource, Checkmarx, Acunetix, Burp Suite Professional, and/or other application security tools
• Working knowledge of REST API testing and related tools
• Working knowledge of JSON, XML, http headers and related REST API authentication / authorization approaches
• Knowledge of Web Application delivery, CDNs/WAFs, forward and reverse proxies, etc.
• Excellent written, verbal and presentation skills are essential and required
• Must be able to work autonomously as well as in team environments, often in stressful, high impact situations

Preferred Qualifications

• Experience with the Securonix is highly desired
• Knowledge of security triage and incident handling workflow
• Familiarity with effective visualizations and dashboarding fundamentals
• CISSP, SANS technology certifications and other security certifications is a plus