Web Application Security Engineer APAC

Job description

Tasks

• Work closely with our global team of engineers to ensure the smooth operation and maintenance of the Web Application Firewall (WAF) infrastructure
• Improve the security of web applications and APIs by implementing advanced protection measures on the WAF and configuring custom application-specific security policies
• Onboarding new web applications and APIs on the WAF infrastructure to ensure seamless integration and optimal security
• Evaluate new or changed business requirements and assess their feasibility and impact on surrounding systems, standards and policies
• Troubleshooting technical issues related to the WAF, identifying root causes and developing effective solutions
• Participate in 2nd and 3rd level support organization, provide on-call support and collaborate with other teams to resolve incidents
• Continuous improvement of service reliability, security, performance, monitoring and automation of the WAF infrastructure with the aim of improving overall system availability and efficiency

Requirements

Professional and technical

• Thorough understanding of security best practices for web applications and APIs
• Solid understanding of web communication protocols such as HTTP, TLS, Websocket etc.
• Practical experience with highly available and scalable web infrastructure
• Practical experience with the operation of WAF or reverse proxy solutions such as F5, Imperva, Netli, Cloudflare or open source alternatives such as ModSecurity
• Experience in software development (Java, Spring Boot, React, Typescript) and practical experience with Kubernetes-based environments
• Strong troubleshooting and structured problem solving skills
• Log analysis and correlation skills with hands-on experience in Splunk, Elastic or similar tools to investigate incidents and identify root causes
• Familiarity with the implementation of authentication and federation mechanisms such as SAML, Oauth and OIDC and FIDO
• Good technical basis for Unix operating systems and their command line tools
• Relevant academic background (e.g. Bachelor's or Master's degree in computer science, cybersecurity or related field) or industry-recognized certifications (e.g. CISSP) with relevant practical knowledge is desired

Personal and social

• Team player, strong collaborator with a willingness to take on responsibility
• Excellent communication skills in spoken and written form
• Strong desire to learn and develop new skills
• Methodical and results-oriented approach to new challenges and tasks
• Independent and self-driven
• Ability to thrive in a globally distributed team environment

Regulatory

• Good understanding of the technology regulatory framework in Singapore and Hong Kong

We offer