Web Application Firewall Manager
Deloitte
- Sydney, NSW Melbourne, VIC
- Permanent
- Full-time
- Work in a highly innovative and transformative business
- Mentoring, growth and training - receive support and coaching to progress your career
- Preventive and supportive mental health initiatives
- Web Application Firewall Management: Oversea the deploy, configuration, tracking and maintenance of web application firewall systems to protect our web applications against potential threats and vulnerabilities.
- Manage a team of WAF engineers that provide regional operational support to application owners.
- Lead status updates, workshops, meetings, and report to senior leadership.
- Manage and support WAF Security Incident Response: Monitor and analyze security events, alerts, and logs generated by the web application firewall systems. Investigate and respond to potential security incidents, working closely with the Security Operations Center (SOC) and Cybersecurity teams.
- Oversee Detection and Analysis: Develop and maintain detection rules, alerts, and reports to proactively identify and mitigate risks within the WAF. Provides investigation findings to relevant business units to help improve information security posture.
- Oversee Vulnerability Assessment: Utilize WAF data to identify potential vulnerabilities and recommend appropriate remediation measures to customers.
- Create Documentation and Reporting: Maintain accurate documentation of WAF configurations, policies, and procedures. Prepare reports and metrics related to web application security, including trends, incident summaries, and mitigation strategies, as needed.
- Collaboration and Training: Collaborate with cross-functional teams to ensure effective communication, knowledge sharing, and alignment of security objectives. Provide training and daily guidance to staff members on WAF best practices and security awareness.
- Collaborate with key stakeholders and senior leaders such as CISOs, CIOs and directors within Cybersecurity, Engineering, and Development teams to create specific use cases to address business needs and security requirements.
- Serve on teams and task groups for projects/initiatives within the business unit and/or across the organization.
Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.Enough about us, let's talk about you.
You are someone with:
- Bachelor's Degree/University Degree and/or Undergraduate Diploma in Information Security, Information Technology, Computer Science, Engineering or equivalent years in experience
- 10+ years with minimum 2 years into network security, 2 years in WAF experience and at least 2 years leading teams.
- Strong knowledge of web application security concepts, OWASP Top 10 vulnerabilities, and related mitigation techniques.
- Strong technical background with Akamai or Radware Web Application Firewall (WAF) technologies and bot mitigation security policies.
- Proficiency in deploying and managing web application firewalls, preferably with experience in AKAMAI and RADWARE or similar tools.
- Understanding of API security issues and API authentication.
- Previous experience in a Security Operations Center (SOC) or performing cybersecurity analysis is highly desirable. Prior experience working with Splunk for security event management, log analysis, and threat detection.
- Good understanding of information security principles and policy enforcement.
- Solid comprehension of HTTP protocol and demonstrated ability to troubleshoot using HTTP logs
- Strong technical background in web development and familiarity with potential attack vectors/methods
- Understanding of DNS, Networks, Firewalls, SSL Certificates
- Knowledge of Web Application Firewall technologies (Akamai and Radware)
- Ethical hacking
- ServiceNow experience
- Technical documentation experience
- Familiarity with cloud security services, concepts, and best practices
- CISSP, CISM, CISA, GIAC or other security certifications are desired
- Bi-lingual (Japanese a plus)
Sound like the sort of role for you? Apply now.By applying for this job, you'll be assessed against the Deloitte Talent Standards. We've designed these standards so that you can grow in your career, and we can provide our clients with a consistent and exceptional Deloitte employee experience globally. The preferred candidate will be subject to background screening by Deloitte or by their external third-party provider.