Web Application Security (WAF) Engineer

Zürich  ‐ Vor Ort
Dieses Projekt ist archiviert und leider nicht (mehr) aktiv.
Sie finden vakante Projekte hier in unserer Projektbörse.

Beschreibung

Role Purpose

We are looking for a Web Application Security Engineer for a Security & Data Protection Team in Zurich. Our client's architecture is currently undergoing fundamental change: In this position, you will work to advance innovative web security solutions using a wide variety of technologies. You use new and proven technologies and bring your technical expertise to a dynamic and agile team. You are responsible for both operational activities and the further development of IT products assigned to you. In order to reduce manual and error-prone work to a minimum, you automate tasks as far as it makes sense.

Your role

Your main task is to configure our client's web application Firewall (WAF). You will take care of operational activities, but this also includes debugging HTTP requests together with developers. You analyze network traffic to identify problems. You implement changes to productive 24x7 systems on weekends and at night. This can happen up to twice a month.

Your knowledge and experience

You have a degree in computer science or business informatics. If possible, you have several years of experience in a similar function or as a web application developer, preferably in the IT security or financial sector. Experience in mobile and API development is also an advantage.

Expected skills in the following areas:

  • Analysis of security-critical applications (eg E-banking) in the browser and native apps
  • Planning and implementation of the configuration of reverse and forwarding Proxy and/or web application Firewalls
  • Integration of applications with security infrastructure components such as IAM, proxies, Firewalls, gateways, vaults, web application Firewall, etc.
  • Adequate use of OWASP Top 10, OWASP API Top 10, OWASP Mobile Top 10

Additional Experiences

  • Examine/correlate logs (with Splunk)
  • Analysis of network traffic (with Wireshark)
  • Security or penetration testing
  • Policies and Rules Management
  • SW/HW maintenance, automation/infrastructure as code, (security) monitoring, performance optimization
  • Installation and operation of web security products in container environments
  • Security protocols such as HTTPS, mTLS, OIDC, oAuth2, etc.
  • PKI basics
  • ITIL, DevOps, Scrum
  • Very good knowledge of German and English.
Start
ab sofort
Dauer
12 months+
(Verlängerung möglich)
Von
Swisstech Recruitment
Eingestellt
01.07.2022
Projekt-ID:
2417033
Vertragsart
Freiberuflich
Um sich auf dieses Projekt zu bewerben müssen Sie sich einloggen.
Registrieren