.principal cloud security engineer waf-220006is*applicants are required to read, write, and speak the following languages*: english*preferred qualifications*position overview*the saas cloud security (scs) engineering organization is looking for an innovative and experience cloud web application firewall (waf) engineer to join our next generation devsecops projects in reshaping the cloud services landscape across all industry verticals and the world's most critical organizations.
the scs organization for securing enterprise-grade software services on behalf of our 25,000 customers, processing over 60 billion transactions per day.
*requirements*:- 7+ years of cumulative experience in devsecops engineering, automation,, network security firewalls / loadbalancers, linux/ weblogic, identity management- bachelor's degree in computer science or information technology- devsecops experience and sdlc lifecycle- excellent scripting experience in any of shell/ perl/ python etc languages- linux administration: advanced including rpm build / grep / sed / awk utils- fluency desired in any of the below cloud/ devops tools and technologies- postman: rest api- microservice platform: kubernetes administration including security- microservice imaging: docker build and deploy- cm tools: chef, python and ansible- infra as code: terraform using cloud provider- cloud infra: oracle cloud infrastructure/ aws/ azure/ gcp etc- strong knowledge of network security architectures, including firewalls, demilitarized zones (dmz), router acls (access control lists), and web content filters.
reasonable knowledge of networking i.e., dns records, loadbalancers, subnets etc.- strong understanding of on premise and cloud based web application firewall technologies- experience with security programming using rest api's and automation- knowledge of waf (web application firewall) concepts and implementation experience on any cloud platform- basic understanding of system exploits (e.g., buffer overflows, pth attacks, windows authentication framework etc.).
basic understanding of ddos techniques and mitigation mechanisms- oracle cloud infrastructure -oci prior knowledge and/ or certification desired.- knowledge of http/s basic authentication, forms-based authentication including saml, sso & oauth standards- experience with common http troubleshooting tools like httpwatch, fiddler & samltracer*responsibilities*- plan and drive waf implementation planning and deployment motions across the oracle saas fleet- triage and understand waf logs to detect the potential threats/ blocks and tune waf policies for any red herrings- automate and integrate incident response plans based on waf events- build and update threat models based on waf event patterns