Job Description :
Overview:
The IT Security Defend and Protect team are dedicated to providing a solid security toolset in support of ensuring the security of the AIG environment. Within application security are products used for the purpose of protecting and defending applications and network devices at AIG . Application Security tools include Imperva SecureSphere Web Application Firewalls (WAF
The Engineer – Application Security will be responsible for implementation of technical aspects of the application security program at AIG. This position is a hands-on role that requires knowledge of data security tools, especially web application firewall tools. The candidate must understand how the design of the tool impacts business operations.
The candidate will demonstrate a thorough knowledge of signature detection for malicious activities on web applications, penetration testing, and network design. In this role, the candidate will work with the team to design expansion of the platform, minimize the number of false positives being reported through the WAF, and work with the business to ensure thorough testing of their application.
The successful candidate will demonstrate strong knowledge of and experience with the general information security controls employed to protect web applications as well as the ability to identify and remediation efforts for web applications before enabling WAF blocking.
The following criteria are key to the success of the candidate:
Responsible to analyze, identify, and document best practices to ensure optimal security tool functionality
Perform capabilities gap analysis of existing platform security tools to determine adequacy for security objectives
Identify and document security infrastructure capacity thresholds
Ensure all tools are monitored for capacity, performance, and availability
Manage security infrastructure configuration files, logs, and other artifacts to perform root cause analysis when there are issues
Ensure processes are documented and runbooks are developed and maintained
Establish and maintain strong relationships with security tool vendors to stay on top of new functionalities and find ways to add value with existing tools and quickly resolve problems
Work with project managers on required project related tasks
Perform other security related duties as required
Position Requirements:
At least 2 years with Imperva WAF or similar tool and must be able to translate vulnerabilities and gaps into business risks.
Strong knowledge of web application security, web-related protocols (HTTP, HTTP/2, SSL, WebSockets, etc, and potential web server configurations
Should be able to understand Network level and Application level reference architecture and be able to advise implementation teams on secure design.
3 years of professional experience as an Application Developer, demonstrated proficiency in developing secure solutions developed using common development frameworks and languages.
Be the subject matter expert for new vulnerabilities, existing vulnerabilities, and possess the ability to discuss the dangers with developers in a clear and concise manner.
Understand the concepts of both the mobile and standard OWASP Top 10 lists.
Experience and understanding of multiple security platforms and layers including Firewalls, Proxy servers, Intrusion Prevention Systems, Web Application Firewalls and Logging Correlation.