Some careers shine brighter than others.
If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.
HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.
We are currently seeking an experienced professional to join our team as WAF technical Lead
In this role, you will be play a key role in enhancing our Web Application Firewall (WAF) across multiple solutions and applications and will be pivotal in crafting, testing, and implementing advanced WAF solutions.
· Lead design, architecture and implementation of the WAF solutions to meet the organizations security requirement and business needs.
· Develop and maintain WAF standards, policies and best practices.
· Lead hands on implementation, configuration and deployment of WAF.
· Develop custom WAF tuning processes, documentation, and designs tailored to the organization's needs.
· Conduct training sessions for Application Teams, equipping them with the knowledge and skills needed for WAF tuning.
· Collaborate with Application Teams to fine-tune WAF settings, enhancing security measures and performance
· Review each platform against the Minimum Viable Product (MVP) benchmarks to identify and rectify any discrepancies
· Establish and agree upon a Baseline Configuration that satisfies MVP requirements
· Document WAF limitations and collaborate with the Risk team and vendors to seek resolutions
· Work closely with business and application teams to understand application logics, identify potential vulnerabilities and tailor WAF protection.
· Provide technical guidance, mentorship and training to direct team members on technology and processes.
· Provide SME WAF Engineer design support for WAF solution design against industry best practices such as company MVP, OWASP and vendor best practices
· Discover, document, and create technical design and automation consumable configurations for WAF deployment and audit prerequisites, including:
· Baseline configuration design patterns from MVP reviews for all platform
· Technical deployment methods of custom rules and exceptions per platform and any per platform ordering / priority considerations with a lens on the safest deployment models possible
· Acceptable access controls for WAF management planes per platform against the companies agreed IDAM (Identity and Access Management) policies
· Assist Cyber engineering team in removing impediments, enhancing workflows, and improving their practices to deliver high quality network solutions.
· Mentor team on agile principles and practices, promote continuous improvement and self-organization within the team. Besides ensure transparency and accountability within a team.
· Communicate updates and reports to stakeholders and senior management.
· Build and maintain KPI’s for the team and the engineering products.
· Drive incident resolution - technology or process, across technology teams, stakeholders and management where required.
· Liaison with vendor on product issues including design, features, and defects.
· Implement network solutions aligned to organizational standard and meet regulatory requirements.
· Provides knowledge transfer with teammates through formal team training sessions, brown bags, and mentoring of other team members.
· Apply technical expertise in implementing efficiencies and creating strategies to better detect and respond to cyber incidents by prioritizing mitigation actions.