SENIOR WEB SECURITY ENGINEER

Group Information Security (GIS) provides high quality information security and risk management to our group, its subsidiaries, and parent company through a collaborative and people-centric organization with local presence and global reach. The Application Security team specializes in understanding Web technology, the related vulnerabilities, best practices for development and remediation, and the latest tools available to protect our vast portfolio of Web sites and applications.

Senior Web Security Engineers are technical subject matter experts while also helping manage a Service to the business. Reporting to Head of Application Security for Americas, the responsibilities include working with peers in Group Information Security to advise business stakeholders and various application development teams on proper security in their Software Development Lifecycle, to scan and identify vulnerabilities in applications and courses for remediation, and strategic use of infrastructure technologies such as Web application firewalls to provide layers of defense.

This role would be ideally suited for someone with 2-3 years hands-on experience supporting an Imperva SecureSphere WAF architecture, integrating applications for active protection, overseeing tuning of policies, and presenting the technical capabilities and value proposition to business stakeholders. Candidates knowledgeable about complementary technologies such as Veracode or White Hat SAST/DAST scanning, or Incapsula DDoS protection, would have an advantage. Attention to detail, logical decision-making, anticipation of problems, and the ability to communicate technical concepts are essential for success.

Essential Job Functions

1. Act as source of information security subject matter expertise in Web Application Security for GIS, specifically for Imperva Web Application Firewalls
2. Planning and delivery of application security testing engagements
3. Baselining against GIS and other application security related policy
4. Participation in information security solution delivery according to GIS priorities
5. Application Security process development and implementation
6. Supplier assurance as related to application security
7. Interact with a variety of personnel, ranging from software developers to security/IT executives
8. Assist in the creation, education and delivery of the rollout plans, security policies, and integrated SDLC processes
9. Help empower development in secure coding practices and Cyber operations

Education Requirements

Bachelor’s degree in Computer Science, Computer Engineering, or related discipline and/or equivalent work experience.

Experience Requirements

1. 5+ years professional experience working with Web applications in a large company
2. 2-3 years hands-on experience with Imperva SecureSphere Web Application Firewall, or similar technology
3. Ability to utilize keyboard, and superior communication to be able to negotiate and persuade others working on projects, via email, phone, and presentation.

Additional Information

All your information will be kept confidential according to EEO guidelines.