World Wide Technology (WWT) is a global technology integrator and supply chain solutions provider. WWT employs more than 7000 people worldwide and operates in more than 2 million square feet of state-of-the-art warehousing, distribution, and integration space strategically located throughout the world. WWT has been ranked on Glassdoor Best Places to Work for 12 years in a row and featured on Fortune’s 100 Best Companies to Work For list for 8 years in a row.
This is a Contract Role
Contract Duration: 6 months extendable
Location: UK (100% Remote)
Inside IR35
Job Description:
This position plays a critical role in enhancing our Web Application Firewall (WAF) across multiple solutions and applications and is pivotal in crafting, testing, and implementing advanced WAF solutions.
The role involves a strong focus on developing robust security measures against web-based attacks, contributing significantly to the security posture of the organization.
Experience: 8+ years
Key Responsibilities:
* Develop and refine complex custom WAF rules and features, ensuring mitigation of Minimum Viable Product (MVP) and security posture gaps.
* Apply coding expertise to create effective testing mechanisms for baseline and custom WAF rules, integrating these tests seamlessly into automation pipelines.
* Offer subject matter expert (SME) support in various security testing areas, including WAF Proofs of Concept (PoCs).
* Provide specialized WAF-focused advice on web and API attack methodologies, evasions, and mitigation techniques, leveraging your ethical hacking background.
* Contribute security testing expertise to DevSecOps / DevOps to enhance the automation aspects of the project.
Key Accountabilities:
* Utilize ethical hacking skills to safeguard the organization from web-based attacks, ensuring the protection of operations, reputation, and customer trust.
* Conduct in-depth technical evaluations of WAF solution rulesets, focusing on detection and prevention of web and API security threats.
* Develop custom WAF rules and features, addressing gaps and enhancing overall security measures.
* Identify and counter technical strategies that bypass WAF solutions.
* Design and implement testing protocols to evaluate the effectiveness of various security initiatives, including WAF rules and new features.
* Facilitate the integration of testing procedures into CI/CD pipelines.
* Reverse-engineer attacker tactics to create effective mitigation rules.
* Maintain and secure essential documentation and reports, ensuring traceability and compliance.
* Inform the EPS Management team about emerging threats and vulnerabilities, recommending countermeasures.
* Communicate effectively with a range of stakeholders, providing updates on security-related matters.