Beschreibung
SENIOR WAF ENGINEER - DE+ EN.Our client in banking in Zurich is currently looking looking for a senior WAF Engineer.
In order to stay ahead of the ever faster changing needs of our clients, we place great emphasis on fully covering the broad spectrum of innovative digital services. Our experienced teams apply their skills and innovative spirit with dedication and determination to guarantee our customers a unique and sustainable service.
Department Division Reports toIT Services
Wealth Chief Digital Information Office (Wealth CDIO) Head Security & Data Protection
Role Purpose
We are looking for a Web Application Security Engineer to join our Security & Data Protection team in Zurich. This position offers a unique opportunity to work in an international environment and interact with a wide range of stakeholders. Our architecture is currently undergoing a fundamental transformation: in this position you will work with us to drive innovative web security solutions on a wide range of technologies. You will leverage new and proven technologies and bring your technical expertise to our dynamic and agile team. You will be responsible for both operational activities and further development of IT products assigned to you. In order to reduce manual and error-prone work to a minimum, you automate tasks as far as reasonable.
Your role
Your future team is the hub when it comes to operation and engineering of security basics for authentication, confidentiality and integrity.
You will help your team and our internal customers, together with our vendors, to choose the best web security solution, securely integrate critical applications, enable secure communication protocols and create a controlled operating environment.
Your main task is to configure our web application firewall.
This includes operational tasks, but also debugging HTTP requests together with developers. You analyze network traffic to detect problems.
You implement changes on productive 24x7 systems on weekends during the night. This can happen up to two times a month.
Your knowledge and experience
You have a degree in computer science or business informatics.
If possible, you have several years of experience in a similar role or as a web application developer, preferably in the IT security or finance industry.
Experience in mobile and API development is also an advantage.
We expect you to have high technical implementation skills in the following topics:
Analysis of security critical applications (e.g. e-banking) in browser and native apps.
Planning and implementation of reverse and forwarding proxy and/or web application configuration
Firewalls
Integration of applications with security infrastructure components such as IAM, proxies, firewalls,
Gateways, Vaults, Web Application Firewall, etc.
Adequate application of OWASP Top 10, OWASP API Top 10, OWASP Mobile Top 10
Role Profile
Additionally, you have either already dealt with or are willing to learn about the following topics:
Examining/correlating logs (with Splunk)
Network traffic analysis (with Wireshark)
Security or penetration testing
Policies and Rule Management
SW/HW maintenance, automation / infrastructure as code, (security) monitoring, performance optimization
Installation and operation of web security products in container environments
Security protocols like HTTPS, mTLS, OIDC, oAuth2, etc.
PKI basics
ITIL, DevOps, Scrum
Very good knowledge of German and English.
Darwin Recruitment AG is a Zurich based, SECO licensed, privately owned subsidiary of Darwin Professional Staffing Group Ltd (a Global IT Recruitment Consultancy).
Darwin Recruitment AG manages client relationships whilst also utilising Darwin Professional Staffing Group databases and networks to source Candidates and fulfil client requests.
We do not ask for a placement fee from Candidates/Employees.
If you wish to contact a specialist regarding this role, or your job search in general, please contact