Job description

Some careers shine brighter than others.

If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.

We are currently seeking an experienced professional to join our team as WAF Technical Lead.

In this role, you will play a key role in enhancing our Web Application Firewall (WAF) across multiple solutions and applications and will be pivotal in crafting, testing, and implementing advanced WAF solutions.

·       Lead design, architecture and implementation of the WAF solutions to meet the organization's security requirements and business needs.

·       Develop and maintain WAF standards, policies and best practices.

·       Lead hands-on implementation, configuration and deployment of WAF.

·       Develop custom WAF tuning processes, documentation, and designs tailored to the organization's needs. 

·       Conduct training sessions for Application Teams, equipping them with the knowledge and skills needed for WAF tuning. 

·       Collaborate with Application Teams to fine-tune WAF settings, enhancing security measures and performance 

·       Review each platform against the Minimum Viable Product (MVP) benchmarks to identify and rectify any discrepancies 

·       Establish and agree upon a Baseline Configuration that satisfies MVP requirements 

·       Document WAF limitations and collaborate with the Risk team and vendors to seek resolutions 

·       Work closely with business and application teams to understand application logic, identify potential vulnerabilities and tailor WAF protection.

·       Provide technical guidance, mentorship and training to direct team members on technology and processes.

·       Provide SME WAF Engineer design support for WAF solution design against industry best practices such as company MVP, OWASP and vendor best practices

·       Discover, document, and create technical design and automation consumable configurations for WAF deployment and audit prerequisites, including:

·       Baseline configuration design patterns from MVP reviews for all platforms

·       Technical deployment methods of custom rules and exceptions per platform and any per platform ordering / priority considerations with a lens on the safest deployment models possible

·       Acceptable access controls for WAF management planes per platform against the company's agreed IDAM (Identity and Access Management) policies

·       Assist Cyber engineering team in removing impediments, enhancing workflows, and improving their practices to deliver high quality network solutions.

·       Mentor the team on agile principles and practices, and promote continuous improvement and self-organization within the team. Also ensure transparency and accountability within the team.

·       Communicate updates and reports to stakeholders and senior management.

·       Build and maintain KPIs for the team and the engineering products.

·       Drive incident resolution - technology or process, across technology teams, stakeholders and management where required.

·       Liaise with vendors on product issues including design, features, and defects.

·       Implement network solutions that align to organizational standards and meet regulatory requirements.

·       Provide knowledge transfer to teammates through formal team training sessions, brown bags, and mentoring of other team members.

·       Apply technical expertise in implementing efficiencies and creating strategies to better detect and respond to cyber incidents by prioritizing mitigation actions.

Requirements

·       Demonstrate leadership abilities with a track record of successfully managing and motivating teams.

  • Strong experience with multiple WAF solutions including Akamai, F5, AVI, NGINX+ 
  • Strong experience with cloud services and their WAF controls, including AWS, Azure, and GCP 
  • Strong understanding of Web Application security attack methods and mitigations  
  • Strong experience with enterprise scale WAF deployments and the discovery and provisioning of prerequisites such as access control, certificates, rate limiting, SIEM connectors, rule sets and features 
  • Proficiency in WAF tuning and configuration, coupled with a strong foundation in web security principles and practices. 
  • Experience in conducting educational sessions or training, with an emphasis on WAF tuning 
  • Capability to design and implement bespoke WAF processes and documentation, underpinned by a thorough understanding of web application security. 
  • Analytical skills to review and align platforms with MVP and Baseline Configurations, leveraging a deep knowledge of WAF functionalities and limitations. 
  • Familiarity with IDAM protocols and access control measures for WAF management, informed by strong web security knowledge. 
  • Understanding of HTTPS inspection, including Termination and Certificate management, grounded in robust web security practices. 
  • Experience in rate limiting techniques and their integration into security configurations 
  • Experience of version control and update mechanisms for WAF solutions 
  • Competency in identifying and documenting platform and organizational logging options, with a focus on security implications and cloud environments. 
  • Skills in designing SIEM connector options and interfacing with SIEM Teams/SOC for compliance and monitoring purposes 

Other skills

·       Strong stakeholder management skills

·       CISSP certification will be preferred, but not mandatory.

·       Experience with modern agile software delivery practices such as scrum, version control, continuous integration, and delivery (CI/CD), DevOps 

·       Knowledge and experience in Agile and DevOps development practices

·       Proven and extensive experience of service management & application production support with knowledge of service recovery, incident, and problem management

·       Excellent communication skills.

·       Ability to work in a fast-paced environment with changing priorities.

·       Able to support aggressive delivery timelines without compromising on quality

 

You’ll achieve more when you join HSBC               

www.hsbc.com/careers

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Issued by – HSBC Software Development India