Job Description :
Position : Security Consultant - Web Application Firewall
Location : Nashville, TN
Duration : Fulltime (Permanent)

Job Description:

Key Responsibilities include:
Create, deploy, maintain and troubleshoot F5 ASM policies for new and existing web applications.
Configure and manage WAF configuration for Imperva cloud WAF.
Review vulnerabilities that impact web applications and develop WAF “Virtual Patching” solutions
Monitor and analyse activity logs to detect malicious internet traffic and indicators of compromise as well as to reduce false positive blocks
Review WAF usage and define means to improve and mature protection policies
Understand web applications at a sufficient level to work with developers to implement protective controls that may need to be customized for specific applications
Interpret web protocol information to determine source, intent, and risk of threat agents
Provide preventative maintenance, troubleshooting and quickly resolve problems to ensure infrastructure and application stability
Participate in technical design activities to ensure a sound design and any infrastructure impact is understood
Create and maintain technical documentaiton regarding the WAF instructure including network diagrams, policies and operational procedures for managing the infrastructure.
Work closely with Development, QA, Operations, InfoSec, and design engineers to ensure security requirements are met and web-applications are adequately protected from cyber-attacks
Review vulnerability scan output and assess where WAF configuration can be used to mitigate attacks.
Basic understanding of data flow technologies such as routing, natting, arps and associated command line tools such as tcpdump
Awareness of mainstream operating systems and a wide range of security technologies including network firewall, IPS, and web proxy.

Knowledge and experience of F5 Load Balancers and Products:
WAF policy development for protecting existing applications
Reviewing and analysing security reports
Reviewing security techniques and technologies regularly to remain aware of best practice
Ensuring the operation of technical systems are consistent with policies and procedures
Following the latest security trends and vulnerabilities

Qualifications and Experience:
Security Qualifications preferred e.g. F5 CTS-ASM/CISSP/CISM/ISC2/CEH or equivalent
Previous experience of working within a regulated environment i.e. in the financial services, Insurance industry
Full understanding of the application project life cycle and process/procedure design.
Knowledge and hands-on experience of security tools. Experience in IPS, WAF, Load Balancers, Firewalls and Network Security
Experience in Application Security and Technologies
Experience in security vulnerability scanning. Experience with audit event collection and reporting toolsets

Required Non-Technical Skills:
Proven analytical and problem-solving abilities.
Ability to conduct research into IT security issues and products as required.
Self-motivated and directed.
Keen attention to detail.
Team-oriented and skilled in working within a collaborative environment.
High Integrity & work ethic, good communication skills, positive demeanour
Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.