Lead Security Engineer (WAF)

Job Description

Experience Summary: Lead Cyber Security and Management, shall be responsible for ensuring the day-to-day operations and maintenance of the organization's security Posture. Strengthen security posture and ensure the control effectiveness of security systems within an organization. Collaborate with diverse teams to ensure the seamless functioning of the Solutions, optimization of the security infrastructure and controls. Responsibilities: Ensure the day-to-day operations and maintenance of the organization's cyber security infrastructure and controls to protect systems, networks, and data. Troubleshooting of WAF, IPS, SSL Offloader, DAM, API Security etc. Sec DevOps, Review and implement Secure Configuration. Responsible for Firmware upgrade, closing of Audit points/Vulnerabilities, Creation of Security Policies, Fine tuning of exiting Policies, Configuration Backups, Event Log Monitoring, Signature finetuning etc. Provide resolution of issues escalated from L1 and L2. Handling Shift Operations across 24x7. Prepare HLD & LLD, generate configuration template etc for changes. Ensure coverage and effectiveness of Security Solution, Report and Review incidents. Ensure optimum security, availability, performance, and capacity of security solutions under management Ensure & maintain up-to-date documentation - SOPs, Architecture digrams etc. to remove dependency on people Manage configuration changes and deployments according to established change management processes, ensuring minimal disruption and adherence to best practices. Ensure hardening, latest stable version and security patches of security devices and solutions Track EOL/EOS and ensre that there no technology obsolescence. Ensure resolution of incidents and outages, coordinating with internal teams and external vendors to restore service within agreed-upon SLAs. Manage escalations and run the smooth operations of security solutions. Ensure relevant processes are followed for change, incident & daily operations Identify & analyse pain areas in existing security operations & implement improvements Manage operational issues which require design/technical inputs. Ensure compliance with regulatory requirements, security policies, and security frameworks such as ISO 27001, NIST, or CIS Publish the relevant dashboards and status updates. Escalate deviations and violations in a timely manner. Remain current with organizations security policies, latest security advisories/threats, industry best-practices and developments in cyber security, and recommend and implement best practices and technologies to mitigate emerging threats. Education: B.E/ B.Tech, MCA (Computer/IT)/B.Sc (Computer/IT) or degree in relevant field. Experience: Candidate should have 6+ years of experience preferably in Banking and Technology organization Knowledge: Sound experience in managing Application security technologies and operations in a large and complex environment. Should have sound understanding & knowledge of Sec DevOps, Microsegmentation, DDOS Protection Solution, DNS Sec, various Database and Application security technologies & techniques like WAF, NGFW, IPS, SSL Offloader, DAM, API Security etc. Should have hands on experience on WAF, IPS, SSL Offloader, DAM, API Security, incident response techniques and technologies. Should have knowledge & understanding of Cloud Technologies, IT infrastructure & networking technologies, operations and security principles. Should have sound understanding about OWASP Web and Mobile Application Security, Mitigation and Response. Strong understanding of Regulatory security guidelines & master directions and security frameworks such as ISO 27001, NIST, or CIS. Should be well versed with ITIL and ITSM practices