System Engineer

Group Information Security (GIS) provides high quality information security and risk management and is seeking a collaborative, people‑centric organization with local presence and global reach. As part of Cyber security, the Application Security team specializes in understanding Web technology, related vulnerabilities, best practices for development and remediation, and the latest tools available to protect our global portfolio of Web sites and applications.

Application Security Engineers are technical subject‑matter experts while also helping manage a Service to the business. Reporting to the Head of Application Security for Americas, the responsibilities include working with peers in Group Information Security to advise business stakeholders and distributed application development teams on proper security in their Software Development Lifecycle, scanning and identifying vulnerabilities in applications, and strategically using infrastructure technologies such as Web application firewalls to provide layers of defense.

This role is in charge of our global Imperva Web Application Firewall service, and is ideally suited for someone with 1‑3 years hands‑on experience supporting a distributed WAF architecture, integrating applications for active protection, overseeing tuning of policies, and presenting the technical capabilities and value proposition to business stakeholders. Candidates knowledgeable about complementary technologies such as Veracode or White Hat SAST/DAST scanning, or Incapsula DDoS protection, would have an advantage.

A strong understanding of Web technology fundamentals, including the top Web security threats, would provide a solid foundation to sustain and mature this application protection service. Attention to detail, logical decision‑making, anticipation of problems, and the ability to communicate technical concepts are essential for success.

• Subject matter expert in Web Application Security for GIS, specifically for Imperva Web Application Firewalls
• Manage the service offering to provide meaningful risk reduction for business units
• Refine processes to efficiently protect new applications by the WAF infrastructure
• Delegate business‑as‑usual tasks to be executed by supplemental offshore resources
• Coordinate change and seek approvals from business change advisory boards as needed
• Manage vendor relationship, interfacing with account representative, sales engineer, and dedicated support engineer to resolve issues and plan future capabilities
• Interact with a variety of personnel, ranging from software developers to security/IT executives
• Assist in the creation, education and delivery of the rollout plans, security policies, and service offering, via phone calls, meetings, demonstrations, presentations, and wiki
• Help empower development of secure coding practices to eliminate vulnerabilities

Bachelor’s degree in Computer Science, Computer Engineering, or related discipline.

• 5+ years professional experience working with Web applications in a large company as a developer or a security professional
• 1‑3 years hands‑on experience with Imperva Secure Sphere Web Application Firewall or similar technology, and/or comparable knowledge of protecting Web applications
• Web troubleshooting tools and knowledge to fully analyze the request/response model for Web applications in distributed data centers, across Web proxies, through load balancers, etc.
• Ability to utilize keyboard, and superior communication to be able to negotiate and persuade others working on projects, via email, phone, and presentation

2+ to 5 years experience

Management Experience Required - No

Minimum Education - Bachelor's Degree

Willingness to Travel - Occasionally

Job Category:
Information Technology - Security