Job Requisition ID: 35718
1. Work in a highly innovative and transformative business
2. Mentoring, growth and training – receive support and coaching to progress your career
3. Preventive and supportive mental health initiatives
Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.
What will your typical day look like?
The Firewall Manager is responsible for the operations that fall under the Web Application Firewall Service in the APAC region and reports directly to the Service Owner. The candidate will have a strong background in cybersecurity and understanding of web application security practices. The individual will oversee and manage the deployment, configuration, and maintenance of our web application firewall systems for Global customers. This role requires expertise in collaborating with other teams, leadership to address/remediate identified security issues as well as provide status to leadership at multiple levels.
Key Role Responsibilities:
4. Web Application Firewall Management: Oversea the deploy, configuration, tracking and maintenance of web application firewall systems to protect our web applications against potential threats and vulnerabilities.
5. Manage a team of WAF engineers that provide regional operational support to application owners.
6. Lead status updates, workshops, meetings, and report to senior leadership.
7. Manage and support WAF Security Incident Response: Monitor and analyze security events, alerts, and logs generated by the web application firewall systems. Investigate and respond to potential security incidents, working closely with the Security Operations Center (SOC) and Cybersecurity teams.
8. Oversee Detection and Analysis: Develop and maintain detection rules, alerts, and reports to proactively identify and mitigate risks within the WAF. Provides investigation findings to relevant business units to help improve information security posture.
9. Oversee Vulnerability Assessment: Utilize WAF data to identify potential vulnerabilities and recommend appropriate remediation measures to customers.
10. Create Documentation and Reporting: Maintain accurate documentation of WAF configurations, policies, and procedures. Prepare reports and metrics related to web application security, including trends, incident summaries, and mitigation strategies, as needed.
11. Collaboration and Training: Collaborate with cross-functional teams to ensure effective communication, knowledge sharing, and alignment of security objectives. Provide training and daily guidance to staff members on WAF best practices and security awareness.
12. Collaborate with key stakeholders and senior leaders such as CISOs, CIOs and directors within Cybersecurity, Engineering, and Development teams to create specific use cases to address business needs and security requirements.
13. Serve on teams and task groups for projects/initiatives within the business unit and/or across the organization.
About the team
Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.
Enough about us, let’s talk about you.
You are someone with:
14. Bachelor's Degree/University Degree and/or Undergraduate Diploma in Information Security, Information Technology, Computer Science, Engineering or equivalent years in experience
15. 10+ years with minimum 2 years into network security, 2 years in WAF experience and at least 2 years leading teams.
16. Strong knowledge of web application security concepts, OWASP Top 10 vulnerabilities, and related mitigation techniques.
17. Strong technical background with Akamai or Radware Web Application Firewall (WAF) technologies and bot mitigation security policies.
18. Proficiency in deploying and managing web application firewalls, preferably with experience in AKAMAI and RADWARE or similar tools.
19. Understanding of API security issues and API authentication.
20. Previous experience in a Security Operations Center (SOC) or performing cybersecurity analysis is highly desirable. Prior experience working with Splunk for security event management, log analysis, and threat detection.
21. Good understanding of information security principles and policy enforcement.
22. Solid comprehension of HTTP protocol and demonstrated ability to troubleshoot using HTTP logs
23. Strong technical background in web development and familiarity with potential attack vectors/methods
24. Understanding of DNS, Networks, Firewalls, SSL Certificates
Preferred:
25. Knowledge of Web Application Firewall technologies (Akamai and Radware)
26. Ethical hacking
27. ServiceNow experience
28. Technical documentation experience
29. Familiarity with cloud security services, concepts, and best practices
30. CISSP, CISM, CISA, GIAC or other security certifications are desired
31. Bi-lingual (Japanese a plus)