Web Application Security Engineer APAC

Job description

Tasks

• Work closely with the global team of engineers to ensure the smooth operation and maintenance of the Web Application Firewall (WAF) infrastructure
• Improve the security of web applications and APIs by implementing advanced protection measures on the WAF and configuring custom application-specific security policies
• Transfer of new web applications and APIs to the WAF infrastructure to ensure seamless integration and optimal security
• Evaluate new or changed business requirements and assess their feasibility and impact on surrounding systems, standards and policies
• Troubleshooting technical problems related to the WAF, identifying causes and developing effective solutions
• Participate in 2nd and 3rd level support organization, providing on-duty support and working with other teams to resolve incidents
• Continuous improvement of security reliability, performance, monitoring and automation of the WAF infrastructure with the aim of improving overall system availability and efficiency

Client Management (internal & external)

• Communication with various IT functions, both regionally and globally
• Communication with local legal and compliance functions

Business Management

• Key players on site are IT service owners, IT infrastructure, IT application managers, IT architecture and project managers
• CISO functions - including business operational risk, information security and compliance functions
• Global functions - IT security solutions, security architecture
• Building a strong relationship with key players within internal IT

Regulatory Responsibilities / C&R Risk Management

• Ensure appropriate ethical and compliant behavior within the area of responsibility by clearly demonstrating appropriate values and behaviors (including, but not limited to, standards of honesty and integrity, care and diligence, fair treatment (fair treatment of clients), management of conflicts of interest, competence and continuous development, appropriate risk management and compliance with applicable laws and regulations)

Requirements

Professional and technical

• Sound knowledge of security best practices for web applications and APIs
• Solid understanding of web communication protocols such as HTTP; TLS, Websocket etc.
• Practical experience with highly available and scalable web infrastructure
• Practical experience with the operation of WAF or reverse proxy solutions such as F5, Imperva, Netli, Cloudflare or open source alternatives such as ModSecurity
• Experience in software development (Java, Spring Boot, React, TypeScript) and practical experience with Kubernetes-based environments
• Strong troubleshooting and structured problem solving skills
• Log analysis and correlation skills, with hands-on experience in Splunk, Elastic or similar tools to investigate incidents and identify root causes
• Familiarity with the implementation of authentication and federation mechanisms such as SAML, Oauth and OIDC and FIDO
• Good technical basis for Unix operating systems and their command line tools
• Relevant academic background (e.g. Bachelor's or Master's degree in computer science, cybersecurity or related field) or industry-recognized certifications (e.g. CISSP) with relevant practical knowledge is desired

Personal and social

• Team player, strong collaborator with a willingness to take on responsibility
• Excellent communication skills in spoken and written form
• Strong desire to learn and develop new skills
• Methodical and results-oriented approach to new challenges and tasks