The Lead Cybersecurity Web Application Firewall (WAF) Engineer is a vital position dedicated to managing the security of our public-facing websites through the implementation and optimization of Web Application Firewalls. In this role, you will enhance security policies, deploy WAF solutions for new sites based on established frameworks, and engage in security events utilizing WAF as a defensive mechanism against emerging threats.
This position requires an in-depth technical background in operating WAFs as part of a robust cybersecurity strategy. You will leverage your understanding of networking fundamentals, such as DNS and HTTP/S, and your experience with client-server communication in web and mobile applications. Collaboration with cross-functional teams will be essential to ensure a cohesive approach to security.
This role reports directly to the Senior Manager of Application Security at Cox Automotive.
Key Responsibilities: - Implement and enforce WAF controls for public-facing websites.
- Analyze and refine WAF rules to enhance the protective measures offered.
- Assist in defining technology and architectural standards impacting information and system security.
- Develop WAF alerts and automation tools for effective threat detection and response.
- Conduct cyber engineering trend analysis and provide insightful reports on tools and infrastructure improvements.
- Advise on strategies and policies aimed at enriching the overall security posture.
- Engage in security events and incident response, identifying design gaps and proposing solutions.
- Research emerging security trends, threats, and technologies, recommending suitable enhancements.
Minimum Qualifications: - Bachelor's degree in a relevant field with 4 years of experience, or other suitable combinations of education and experience.
- A minimum of 2 years of focused cybersecurity experience.
- Proficient in setting up and managing web application firewalls; understanding network traffic routing between clients and servers.
- At least 2 years of recent experience with Terraform.
- Experience working in layer 7.
- Ability to effectively communicate cybersecurity policies to both technical and non-technical audiences.
- Strong customer service, writing, and presentation skills.
- Proven ability to foster productive collaborations with key stakeholders and cybersecurity teams.
- Consultative approach in navigating complex or contentious topics.
- Aptitude for evaluating risks and making informed decision-making.
- Creatively addressing complex cybersecurity challenges with solid business insights.
- Familiarity with Agile methodologies and DevSecOps.
- Experience implementing change in Fortune 1000 companies.
- Knowledge of cybersecurity frameworks and regulations guiding architectural requirements.
Preferred Qualifications: - Understanding of modern cybersecurity architectures including zero trust, IaaS, PaaS, SaaS, and cloud technologies.
- Expertise in cloud containers and serverless platforms.
- Experience with security testing tools like Veracode, Fortify, BurpSuite, and Wiz.
- Broad technology knowledge, recognized expertise in areas such as .NET, Spring frameworks, and authentication patterns.
- Familiarity with cloud infrastructure (AWS, GCP, or Azure) and on-premises systems.
- Python programming knowledge is a plus.
- Experience developing cybersecurity best practices across all levels of hosting and application stacks.
- Knowledge in Identity and Access Management (IAM), cryptography, security protocols, and access controls.
- Experience with firewalls, web application firewalls, and in-depth understanding of network architectures.
- AWS Well-Architected Framework proficiency.
- Background in national critical infrastructure sectors.
- Experience with large consulting firms or Fortune 500 companies.
- Relevant industry certifications (e.g., CISSP, CEH, OSCP, Azure, AWS, CISM, CISA) are preferred.
Compensation for this position ranges from $99,000.00 to $165,000.00 annually, with additional potential incentives based on individual qualifications and location.
Cox Automotive values its employees, offering flexible vacation policies, paid holidays, wellness hours, and various forms of paid time off including bereavement, parental leave, volunteer time, and more.
Join Cox Automotive where we transform the automotive industry while fostering employee growth and satisfaction.