Web Application Firewall Engineer

Job Requisition ID: 35717 

• Work in a highly innovative and transformative business
• Mentoring, growth and training – receive support and coaching to progress your career
• Preventive and supportive mental health initiatives

Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.

What will your typical day look like?  

The Web Application Engineer candidate will have a strong background in cybersecurity and understanding of web application security practices. The primary responsibility of the WAF Engineer will be to ensure the effective deployment, configuration, and maintenance of our web application firewall systems for Global customers. This role requires expertise in Web Application Firewalls as well as experience with alerts and detections and data log analysis.

Key Role Responsibilities:

• Web Application Firewall Management: Deploy, configure, and maintain web application firewall systems to protect our web applications against potential threats and vulnerabilities.
• WAF Security Incident Response: Monitor and analyze security events, alerts, and logs generated by the web application firewall systems. Investigate and respond to potential security incidents, working closely with the Security Operations Center (SOC) and Cybersecurity teams.
• Detection and Analysis: Develop and maintain detection rules, alerts, and reports to proactively identify and mitigate risks within the WAF. Provides investigation findings to relevant business units to help improve information security posture.
• CDN Integration: Collaborate with the infrastructure and application teams to integrate the web application firewall with CDNs such Akamai and Radware, ensuring seamless traffic management and content delivery.
• Vulnerability Assessment: Utilize WAF data to identify potential vulnerabilities and recommend appropriate remediation measures to customers.
• Documentation and Reporting: Maintain accurate documentation of WAF configurations, policies, and procedures. Prepare reports and metrics related to web application security, including trends, incident summaries, and mitigation strategies, as needed.
• Collaboration and Training: Collaborate with cross-functional teams to ensure effective communication, knowledge sharing, and alignment of security objectives. Provide training and guidance to other team members on WAF best practices and security awareness, as needed.
• Collaborate with key stakeholders within Cybersecurity, Engineering, and Development teams to create specific use cases to address business needs and security requirements.

About the team
Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.

Enough about us, let’s talk about you.
You are someone with:

• Bachelor's Degree/University Degree and/or Undergraduate Diploma in Information Security, Information Technology, Computer Science, Engineering or equivalent years in experience
• 4+ years experience with minimum 2 years into network security and 2 years in WAF
• Strong knowledge of web application security concepts, OWASP Top 10 vulnerabilities, and related mitigation techniques.
• Strong technical background with Akamai or Radware Web Application Firewall (WAF) technologies and bot mitigation security policies.
• Proficiency in deploying and managing web application firewalls, preferably with experience in AKAMAI and RADWARE or similar tools.
• Understanding of API security issues and API authentication.
• Previous experience in a Security Operations Center (SOC) or performing cybersecurity analysis is highly desirable. Prior experience working with Splunk for security event management, log analysis, and threat detection.
• Good understanding of information security principles and policy enforcement.
• Solid comprehension of HTTP protocol and demonstrated ability to troubleshoot using HTTP logs
• Strong technical background in web development and familiarity with potential attack vectors/methods
• Understanding of DNS, Networks, Firewalls, SSL Certificates

Preferred:

• Knowledge of Web Application Firewall technologies (Akamai and Radware)
• Ethical hacking
• ServiceNow experience
• Technical documentation experience
• Familiarity with cloud security services, concepts, and best practices
• CISSP, CISM, CISA, GIAC or other security certifications
• Bi-lingual (Japanese a plus)

Why Deloitte? 

At Deloitte, we focus our energy on interesting and impactful work. We’re always learning, innovating and setting the standard; making a positive difference to our clients and our society. We put coaching at the heart of what we do, helping our people grow their careers in any direction – whether it be up, moving into something new, or even moving across the world.  

We embrace diversity, equity and inclusion. We have a diverse collection of people from different backgrounds, with different experiences, gender identities, abilities and thinking styles. What binds us together is a shared commitment to value everyone’s perspective and to cultivate inclusion; so that our work environment is a safe space we can all belong. 

 We prioritise flexibility and choice. At Deloitte, you get trust on Day 1. We know our people get their best work done when they’re in control of where and how they work, designing their work week around their client, team and personal commitments.

We help you live and work well. To support your personal and professional life, we offer a range of perks and benefits, including retail discounts, wellbeing leave, paid volunteering days, twelve flexible working options, market-leading parental leave and return to work support package.

 Next Steps 
Sound like the sort of role for you? Apply now. 

By applying for this job, you’ll be assessed against the Deloitte Talent Standards. We’ve designed these standards so that you can grow in your career, and we can provide our clients with a consistent and exceptional Deloitte employee experience globally. The preferred candidate will be subject to background screening by Deloitte or by their external third-party provider.