KeyBank Web Application Firewall (WAF) Engineer in United States

Web Application Firewall (WAF) EngineerinVariousatKey Bank- Corporate

Date Posted:7/3/2018

ApplyNot ready to Apply?

Share With:

Job Snapshot

  • Employee Type:


  • Location:

2050 Integrity Drive South


  • Job Type:

Information Technology

  • Experience:

Not Specified

  • Date Posted:


Job DescriptionJob Brief:CIS Infrastructure Engineer involved in web application firewall (WAF) policy development and implementation. The resource would be responsible for application security policy development and maintenance, monitoring compliance with information security policy and applicable regulatory requirements. Working with the application development teams, the Engineer will monitor, assess, and fine-tune the WAF policies through incident monitoring and analysis.With limited supervision and direction from management, plans and evaluates complex existing systems and makes recommendations for resources required to maintain and/or expand service levels.5+ years of Information Security experience.Required Qualifications:4 Year degree or equivalent experience.Solid understanding of web applications, web servers, application firewalls, frameworks and protocols with respect to web application development, deployment, and operationExtensive knowledge of F5 ASM or other Web Application Firewall productsExtensive knowledge of web technologies and concepts (session cookies, certificates encryption, etc.)Strong understanding of TCP/IP and basic networking conceptsExpertise in one or more areas such as operating systems, web services, programming languages, network devices, application vulnerabilities and attack vectorsProven ability to understand and analyze highly complex issues, then apply experience and judgment to develop sound recommendations related to application and security event identification and resolutionExperience in reviewing and analyzing log files and data correlationFundamental knowledge of information security and security principlesFundamental knowledge of information security standards, policies, controls, and regulationsFamiliarity with the OWASP Top 10, secure SDLC, CIS Top 20 conceptsDesired Qualifications:Experience with Web/Application Servers (IIS IBM HTTP Server WAS Apache)Scripting/programming using Python, Perl, Shell or CWorking knowledge of Web Services and SOAExperience with Java and/or .NET technologiesExperience with PKI TechnologyExperience with Identity Management solutions (ITIM; Waveset; Identity Manager)Experience with DataPowerEssential Job Function:The following tasks are common to all roles of the CIS Infrastructure Engineering team:

  • Perform platform administration

  • Monitoring and analysis of the log files, learning suggestions, and alert triage

  • Contact for WAF-related application issues and security events

Role specific tasks may include:

  • Architecture strategy and planning

  • Operation and support planning

  • HTTP Profile / Virtual Server oversight

  • Patch, update, and version management

  • Policy implementation and maintenance specific to the application platforms

  • Close communication with security and application stakeholders

  • Data analysis for application testing and normal operation

  • Acquire and maintain knowledge of application architecture and design

  • Acquire and maintain knowledge of application behavior, input/output, data push/pull, parameters, etc.

  • Ensure knowledge transfer to other CIS Infrastructure team members

  • Provide operational support as part of an on-call rotation

Job Location:Full Remote PermittedABOUT KEY:KeyCorp's roots trace back 190 years to Albany, New York. Headquartered in Cleveland, Ohio, Key is one of the nation's largest bank-based financial services companies, with assets of approximately $134.5 billion at March 31, 2017. Key provides deposit, lending, cash management, insurance, and investment services to individuals and businesses in 15 states under the name KeyBank National Association through a network of more than 1,200 branches and more than 1,500 ATMs. Key also provides a broad range of sophisticated corporate and investment banking products, such as merger and acquisition advice, public and private debt and equity, syndications, and derivatives to middle market companies in selected industries throughout the United States under the KeyBanc Capital Markets trade name. KeyBank is Member FDIC.ABOUT THE BUSINESS:Key Technology and Operations (KTO) is Key Bank s shared services organization for technology, operational, and servicing functions supporting business partners and clients across all lines of business. Within the overall organization, KTO provides efficient, reliable and secure technology; creates an effective variable cost technology delivery model that maximizes the return on IT spend; orchestrates the efficient use of corporate information and technology assets; and supports innovation that creates competitive distinction. KTO is effective and efficient in payment and deposit servicing, loan servicing, exception and dispute processing, investment and support services, sourcing and procurement, as well as enterprise-wide fraud prevention, investigations and operational support to human resources and the Bank s BSA/AML program.FLSA STATUS:ExemptKeyCorp is an Equal Opportunity and Affirmative Action Employer committed to engaging a diverse workforce and sustaining an inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.JobID: 28432BR