Web Application Firewall Engineer

Job Description

The WAF engineer works as part of the cybersecurity team to manage and secure web-based applications hosted on-premises and in the cloud. In this role, the WAF engineer is responsible for designing secure WAF configurations that defend against threats and vulnerabilities without impeding the business. The WAF engineer executes controls adhering to policies, monitors against the threat landscape and recommends changes where necessary. Working as part of a team, the WAF engineer shares information and testing effectiveness of controls and collaborates to counter threats and vulnerabilities. The WAF engineer understands the applications in use, where weaknesses may exist and how WAF controls can help thwart vulnerabilities in dynamic and legacy applications. The role is responsible for WAFs maintained by Norfolk Southern (cloud or on-premises) and those managed in tandem with third-party service providers.

The WAF engineer is expected to have advanced-level knowledge of web application attacks and best practice controls in defense, including the OWASP Top Ten. The role performs constant testing to detect and verify controls, and ensures security risks to the business are identified, documented and escalated to security managers. The WAF engineer designs, tests, automates and deploys application controls across infrastructure according to security policies and procedures. The role performs ongoing assessments and has basic incident response (IR) skills and experience working with security operations and Network team. Technical and analytical skills are vital in the role, as is the ability to communicate effectively with technical and non-technical colleagues. This role involves understanding evolving adversary tactics. The ideal candidate is highly technical, but with some business acumen, having worked in security administration for several years.  

Principal Duties:

• Design, test and deploy solutions and settings with rules designed to protect against vulnerabilities and threats targeting web-based applications and services.
• Document and maintain policies and standard operating procedures aligning with strong security practices, standards, application and host integrity, and OWASP best practices.
• Monitor and respond to events and alerts generated by SIEM and security orchestration, automation and response solutions.
• Develop and implement workflows to update and maintain configurations across protected infrastructure.
• Collaborate with incident responders and SOC team members to investigate suspicious activity (analysis and response may need to occur off-hours and on a scheduled rotation).
• Partner with offensive security team members to test the efficacy of WAF configurations against adversary emulation and enhance team knowledge.
• Regularly participate in adversary emulation tabletop exercises designed to identify gaps, improve skills, transfer knowledge and improve efficiency at reducing risk.
• Automate where possible to deploy consistent configurations to WAFs.
• Work with security team members to enforce thorough application inventory and management standards, as well as audit compliance for applications and services under corporate policies. 
• Review reports from vulnerability and penetration tests, and results from tabletop exercises, to identify exposure and improve application security posture in tandem with application security engineers.
• Liaison with threat hunting, infrastructure, information technology, vulnerability management, threat intelligence and software engineer team members.
• Regularly report to security leadership on security posture supporting defined metrics and service levels.
• Be professionally accountable for remaining educated on the threat landscape and mitigation techniques.
• Openly support the organization, management and executive leadership team, even during times of adversity.
• Perform other duties as assigned.

Job Related Skills & Experience:

• Preferably 5+ years’ experience in a security systems administration, application security or SOC IR role.
• Understanding of OWASP Top Ten, threats and vulnerabilities, and tactics used to compromise applications.
• Hands-on experience with WAFs, next-generation firewalls, IDS/IPS and proxies.
• Proficiency with applications, databases, web services, authentication and middleware servers.
• Fundamental knowledge and experience with threat intelligence, DDoS, bots and content delivery networks.
• Demonstrated understanding of cross-site request forgery, cross-site scripting, directory traversal, remote code execution, SQLi, session IDs, and authentication and authorization abuse.
• Ideally familiar with one or more regulatory requirements and laws such as, Payment Card Industry, Federal Financial Institutions Examination Council, Sarbanes-Oxley Act (SOX), HIPAA, GDPR, California Consumer Privacy Act (CCPA) and Gramm-Leach-Bliley Act (GLBA). Additionally, experience in one or more of the following: ISO 17799, ITIL, Cybersecurity Maturity Model Certification and NIST Cybersecurity Framework.
• Aptitude with one or more scripting languages (e.g., Python, PowerShell, JavaScript and Bash).
• Track record acting with integrity, taking pride in work, seeking to excel, and being curious and flexible.
• Demonstrated strong written and oral communication skills across varying levels of the organization.
• Organized with the ability to prioritize and complete tasks within defined service-level agreements (SLAs).
• Excellent judgment and the ability to make quick decisions when working with complex situations.
• Understanding of Malware

Education:

Bachelor's degree preferred in information assurance, computer science, engineering or related technical field.

Certifications:

One or more of GWEB, GWAPT, GCIH, OSWA or CISSP preferable, but not required.