The College Board
WAF Security Engineer
The College Board, Chicago, Illinois, United States, 60290
This job was posted by https://illinoisjoblink.illinois.gov : For more information, please see: https://illinoisjoblink.illinois.gov/jobs/12384508 College Board - Technology - Cloud Security Engineering
100% Remote, working core EST hours
About the Team
The Cloud Security Engineering (CSE) team engineers, operates, and secures College Board\'s critical cloud infrastructure. As a close-knit and collaborative group, we thrive on sharing ideas and working together to navigate intricate security challenges. By leveraging leading cloud security technology solutions, we proactively protect College Board\'s web applications and products, all in support of our mission to clear a path for all students to own their future. We partner across the organization, collaborating closely with various cybersecurity and development teams to address sophisticated security issues.
About the Opportunity
As our WAF Engineer, you are a collaborative, detail-oriented and a proactive problem solver. You will develop, support, tune and deploy cutting-edge web application security solutions (WAF, DDOS, BOT Mitigation) across College Board. Focusing on web application security, you will engineer, deploy, and operate robust security solutions, including WAFs (Akamai, AWS, Cloudflare, etc.) and seamlessly integrate these platforms with other security solutions. You will leverage scripting in Python, shell, and other languages, as necessary to meticulously protect our infrastructure.
In this role you will:
Engineer, configure, deploy, and maintain Web Application Firewall solutions Develop advanced scripts for manipulation of multiple data repositories to support analyst requirements Develop advanced alerts/reports to meet the requirements of key stakeholders Develop scalable security management tools and processes Develop automation for security tools management and workflow integration Collaborate with key stakeholders within Cybersecurity and Engineering teams to develop use cases to address specific business needs Create WAF rules to mitigate threats and implement best practices Develop new SIEM (Security Information and Event Management) content for Cybersecurity teams, including correlations, enrichments, dashboards, reports, and alerts that appropriately characterize web application attacks and mitigation mechanisms Provide rotating 24/7 support for security-related issues
About You
You have:
3+ years\' experience as a Security Engineer with strong focus on Akamai WAF platforms Understanding of OWASP risks, vulnerabilities and mitigation mechanisms Experience managing Web Application Firewalls and rules Expertise in exploiting web apps and web services security vulnerabilities (XSS, CSRF, SQL injection, DoS, XML/SOAP, API attacks) Proficiency in system exploits (Buffer Overflows, PTH attacks, Windows authentication framework, etc.) Understanding of common network and web protocols Knowledge of DDoS techniques and mitigation Familiarity of event logs and alerts from various data sources (Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, web proxies) Willingness and ability to provide 24/7 support, rotating primary and secondary support roles within the team Authorization to work in the United States
Additional nice-to-haves:
Knowledge of SSDLC processes and application security tools and frameworks, including Kali Linux Web application testing tools (Burp Suite, Nikto, Maltego, SQLMap) Experience in Cyber Security Operations, Digital Forensics, Threat Hunting, and Incident Response System administration experience in a Windows and Unix environment
About Our Process
Application review will begin immediately and will continue until the position i filled While the hiring process may vary, it generally includes: resume and application submission, recruiter phone/video screen, hiring manager interview, performance exercise such as live coding, a panel interview, a conversation with leadership and reference checks.
About Our Benefits and Compensation
College Board offers a competitive benefits and compensation program that attracts top talent looking to make a difference in education. As a self-sustaining non-profit, we believe in compensating employees equitably in relation to each other, their qualifications, their impact, and the relevant market.
The hiring range for a new employee in this position is \$120,000 to \$131,000. Your salary will be carefully determined based on your location, relevant experience, the external labor market, and the pay of College Board employees in similar roles. College Board strives to provide our best offer up front based on this criteria.
Your salary is only one part of all that College Board offers, including but not limited to:
A comprehensive package designed to support the
100% Remote, working core EST hours
About the Team
The Cloud Security Engineering (CSE) team engineers, operates, and secures College Board\'s critical cloud infrastructure. As a close-knit and collaborative group, we thrive on sharing ideas and working together to navigate intricate security challenges. By leveraging leading cloud security technology solutions, we proactively protect College Board\'s web applications and products, all in support of our mission to clear a path for all students to own their future. We partner across the organization, collaborating closely with various cybersecurity and development teams to address sophisticated security issues.
About the Opportunity
As our WAF Engineer, you are a collaborative, detail-oriented and a proactive problem solver. You will develop, support, tune and deploy cutting-edge web application security solutions (WAF, DDOS, BOT Mitigation) across College Board. Focusing on web application security, you will engineer, deploy, and operate robust security solutions, including WAFs (Akamai, AWS, Cloudflare, etc.) and seamlessly integrate these platforms with other security solutions. You will leverage scripting in Python, shell, and other languages, as necessary to meticulously protect our infrastructure.
In this role you will:
Engineer, configure, deploy, and maintain Web Application Firewall solutions Develop advanced scripts for manipulation of multiple data repositories to support analyst requirements Develop advanced alerts/reports to meet the requirements of key stakeholders Develop scalable security management tools and processes Develop automation for security tools management and workflow integration Collaborate with key stakeholders within Cybersecurity and Engineering teams to develop use cases to address specific business needs Create WAF rules to mitigate threats and implement best practices Develop new SIEM (Security Information and Event Management) content for Cybersecurity teams, including correlations, enrichments, dashboards, reports, and alerts that appropriately characterize web application attacks and mitigation mechanisms Provide rotating 24/7 support for security-related issues
About You
You have:
3+ years\' experience as a Security Engineer with strong focus on Akamai WAF platforms Understanding of OWASP risks, vulnerabilities and mitigation mechanisms Experience managing Web Application Firewalls and rules Expertise in exploiting web apps and web services security vulnerabilities (XSS, CSRF, SQL injection, DoS, XML/SOAP, API attacks) Proficiency in system exploits (Buffer Overflows, PTH attacks, Windows authentication framework, etc.) Understanding of common network and web protocols Knowledge of DDoS techniques and mitigation Familiarity of event logs and alerts from various data sources (Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, web proxies) Willingness and ability to provide 24/7 support, rotating primary and secondary support roles within the team Authorization to work in the United States
Additional nice-to-haves:
Knowledge of SSDLC processes and application security tools and frameworks, including Kali Linux Web application testing tools (Burp Suite, Nikto, Maltego, SQLMap) Experience in Cyber Security Operations, Digital Forensics, Threat Hunting, and Incident Response System administration experience in a Windows and Unix environment
About Our Process
Application review will begin immediately and will continue until the position i filled While the hiring process may vary, it generally includes: resume and application submission, recruiter phone/video screen, hiring manager interview, performance exercise such as live coding, a panel interview, a conversation with leadership and reference checks.
About Our Benefits and Compensation
College Board offers a competitive benefits and compensation program that attracts top talent looking to make a difference in education. As a self-sustaining non-profit, we believe in compensating employees equitably in relation to each other, their qualifications, their impact, and the relevant market.
The hiring range for a new employee in this position is \$120,000 to \$131,000. Your salary will be carefully determined based on your location, relevant experience, the external labor market, and the pay of College Board employees in similar roles. College Board strives to provide our best offer up front based on this criteria.
Your salary is only one part of all that College Board offers, including but not limited to:
A comprehensive package designed to support the