Web Application Security Engineer APAC

Job description

Main tasks

• Work closely with our global team of engineers to ensure the smooth operation and maintenance of the Web Application Firewall (WAF) infrastructure
• Improve the security of web applications and APIs by implementing advanced protection measures on the WAF and configuring custom application-specific security policies
• Onboarding new web applications and APIs on the WAF infrastructure to ensure seamless integration and optimal security
• Evaluate new or changed business requirements and assess their feasibility and impact on surrounding systems, standards and policies
• Troubleshooting technical issues related to the WAF, identifying root causes and developing effective solutions
• Participate in 2nd and 3rd level support organization, provide on-call support and collaborate with others to resolve incidents
• Continuous improvement of security reliability, performance, monitoring and automation of the WAF infrastructure with a focus on improving overall system availability and efficiency

Client management (internal & external)

• various IT functions, both regional and global
• Local legal and compliance functions

Business Management

• important local stakeholders are IT service owners, IT infrastructure, IT application managers, IT architecture and IT project managers
• CISO functions - including business operational risk, information security and compliance functions
• Global functions - IT security solutions, security architecture
• Building a strong relationship with key stakeholders within internal IT

Regulatory responsibilities / ACR / risk management

• Ensure appropriate ethical and compliant behavior within the area of responsibility by clearly demonstrating appropriate values and behaviors (including, but not limited to, standards of honesty and integrity, care and diligence, fair treatment (fair treatment of clients), management of conflicts of interest, competence and continuous development, appropriate risk management and compliance with applicable laws and regulations)

Professional and technical requirements

• Deep understanding of security best practices for web applications and APIs
• Solid understanding of web communication protocols such as HTTP; TLS; Websocket; etc.
• practical experience with highly available and scalable web infrastructure
• practical experience with the operation of WAF or reverse proxy solutions such as F5, Imperva, Nexus, Cloudflare or open source alternatives such as ModSecurity
• Experience in software development (Java, Spring Boot, React, TypeScript) and/or practical experience with Kubernetes-based environments
• Strong troubleshooting and structured problem solving skills
• Log analysis and correlation skills with hands-on experience in Splunk, Elastic or similar tools to investigate incidents and identify root causes
• Familiarity with the implementation of authentication and federation mechanisms such as SAML, OAuth and OIDC and FIDO
• Good technical basis for Unix operating systems and their command line tools
• Relevant academic background (e.g. Bachelor's or Master's degree in computer science, cybersecurity or related field) or industry-recognized certifications (e.g. CISSP) with relevant practical knowledge is desired

Personal and social requirements

• Team player, strong collaborator with a willingness to take on responsibility
• excellent communication skills in spoken and written form
• Strong desire to learn and develop new skills
• Methodical and results-oriented approach to new challenges and tasks