Share this Job

Web Application Firewall Engineer

Date: Sep 17, 2022

Location: Atlanta, GA, US, 30308

Company: Norfolk Southern Corp.

#LI-JK1 #LI-Hybrid


Job Description

The WAF engineer works as part of the cybersecurity team to manage and secure web-based applications hosted on-premises and in the cloud. In this role, the WAF engineer is responsible for designing secure WAF configurations that defend against threats and vulnerabilities without impeding the business. The WAF engineer executes controls adhering to policies, monitors against the threat landscape and recommends changes where necessary. Working as part of a team, the WAF engineer shares information and testing effectiveness of controls and collaborates to counter threats and vulnerabilities. The WAF engineer understands the applications in use, where weaknesses may exist and how WAF controls can help thwart vulnerabilities in dynamic and legacy applications. The role is responsible for WAFs maintained by Norfolk Southern (cloud or on-premises) and those managed in tandem with third-party service providers.


The WAF engineer is expected to have advanced-level knowledge of web application attacks and best practice controls in defense, including the OWASP Top Ten. The role performs constant testing to detect and verify controls, and ensures security risks to the business are identified, documented and escalated to security managers. The WAF engineer designs, tests, automates and deploys application controls across infrastructure according to security policies and procedures. The role performs ongoing assessments and has basic incident response (IR) skills and experience working with security operations and Network team. Technical and analytical skills are vital in the role, as is the ability to communicate effectively with technical and non-technical colleagues. This role involves understanding evolving adversary tactics. The ideal candidate is highly technical, but with some business acumen, having worked in security administration for several years.  

Principal Duties:

  • Design, test and deploy solutions and settings with rules designed to protect against vulnerabilities and threats targeting web-based applications and services.
  • Document and maintain policies and standard operating procedures aligning with strong security practices, standards, application and host integrity, and OWASP best practices.
  • Monitor and respond to events and alerts generated by SIEM and security orchestration, automation and response solutions.
  • Develop and implement workflows to update and maintain configurations across protected infrastructure.
  • Collaborate with incident responders and SOC team members to investigate suspicious activity (analysis and response may need to occur off-hours and on a scheduled rotation).
  • Partner with offensive security team members to test the efficacy of WAF configurations against adversary emulation and enhance team knowledge.
  • Regularly participate in adversary emulation tabletop exercises designed to identify gaps, improve skills, transfer knowledge and improve efficiency at reducing risk.
  • Automate where possible to deploy consistent configurations to WAFs.
  • Work with security team members to enforce thorough application inventory and management standards, as well as audit compliance for applications and services under corporate policies. 
  • Review reports from vulnerability and penetration tests, and results from tabletop exercises, to identify exposure and improve application security posture in tandem with application security engineers.
  • Liaison with threat hunting, infrastructure, information technology, vulnerability management, threat intelligence and software engineer team members.
  • Regularly report to security leadership on security posture supporting defined metrics and service levels.
  • Be professionally accountable for remaining educated on the threat landscape and mitigation techniques.
  • Openly support the organization, management and executive leadership team, even during times of adversity.
  • Perform other duties as assigned.

Job Related Skills & Experience:

  • Preferably 5+ years’ experience in a security systems administration, application security or SOC IR role.
  • Understanding of OWASP Top Ten, threats and vulnerabilities, and tactics used to compromise applications.
  • Hands-on experience with WAFs, next-generation firewalls, IDS/IPS and proxies.
  • Proficiency with applications, databases, web services, authentication and middleware servers.
  • Fundamental knowledge and experience with threat intelligence, DDoS, bots and content delivery networks.
  • Demonstrated understanding of cross-site request forgery, cross-site scripting, directory traversal, remote code execution, SQLi, session IDs, and authentication and authorization abuse.
  • Ideally familiar with one or more regulatory requirements and laws such as, Payment Card Industry, Federal Financial Institutions Examination Council, Sarbanes-Oxley Act (SOX), HIPAA, GDPR, California Consumer Privacy Act (CCPA) and Gramm-Leach-Bliley Act (GLBA). Additionally, experience in one or more of the following: ISO 17799, ITIL, Cybersecurity Maturity Model Certification and NIST Cybersecurity Framework.
  • Aptitude with one or more scripting languages (e.g., Python, PowerShell, JavaScript and Bash).
  • Track record acting with integrity, taking pride in work, seeking to excel, and being curious and flexible.
  • Demonstrated strong written and oral communication skills across varying levels of the organization.
  • Organized with the ability to prioritize and complete tasks within defined service-level agreements (SLAs).
  • Excellent judgment and the ability to make quick decisions when working with complex situations.
  • Understanding of Malware


Bachelor's degree preferred in information assurance, computer science, engineering or related technical field.


One or more of GWEB, GWAPT, GCIH, OSWA or CISSP preferable, but not required.

Company Overview

Norfolk Southern Corporation (NYSE: NSC) is a Fortune 300 organization and one of the nation’s premier transportation companies. Its Norfolk Southern Railway Company subsidiary operates approximately 19,500 route miles in 22 states and the District of Columbia, serves every major container port in the eastern United States, and provides efficient connections to other rail carriers. Norfolk Southern is a major transporter of industrial products, including chemicals, agriculture, and metals and construction materials. In addition, the railroad operates the most extensive intermodal network in the East and is a principal carrier of coal, automobiles, and automotive parts.


At Norfolk Southern, we believe in celebrating our individuality. By leveraging the unique backgrounds and viewpoints of our employees, we can create a culture of innovation, respect, and inclusion. We know that employees thrive in a workplace where differing viewpoints, ideas, and experiences are freely shared and valued. As such, we encourage all employees to contribute their distinctive skills and capabilities to our organization.


Equal employment opportunities are available to all applicants regardless of race, color, religion, age, sex, national origin, disability status, genetic information, veteran status, sexual orientation, and gender identity. Together, we power progress.


Nearest Major Market: Atlanta