Principal SME Web Application Security Protection

Principal SME Web Application Security Protection Miejsce pracy: Kraków Technologies we use Expected Microsoft Azure AWS About the project The Cloud DevOps engineers will work within an agile team of Engineers and Operations personnel building highly resilient, scalable and performant AWS infrastructure in an automated and efficient manner. The engineers will work alongside the Application DevOps teams and cross-functional IT teams. The engineers will be required to use their initiative to innovate to achieve maximum performance and be prepared to investigate and use new products/services offered by AWS. Your responsibilities Support to coordinating migration of teams to WAF Central Rules in block mode for example. Development and realisation of new processes for new Operating Models. Overseeing development and integration of central capabilities (Central SOC/SIEM) alerting and incident response etc. Working with CSP Architecture and Core engineering DevOps Leads on enabling of WAF Rules on Internal facing services. Working with central ESP team to capture and define central security baseline rules / signatures. Working with application teams / support to migration of their services to new Central CSP Managed. Uses their networking and network security experience and knowledge to review Business and IT projects and provide advice and guidance, ensuring network security control requirements are satisfied. Identifies and drives opportunities to improve network security posture based on an understanding of current control and technology environment. Expert understanding of network security threats and risks, able to identify areas of network security risk and propose solutions. Excellent communication and interpersonal skills, with experience interacting with technical leaders and various layers of management considered a plus. Able to analyse network and cybersecurity data (e.g. system logs) to support decision making and evidence control effectiveness. Ability to build connections and work collaboratively across boundaries. Willingness to continuously learn and share learnings with others. Ability to coach and guide more junior team members as needed. Our requirements Candidate MUST have experience in working in at least one Cloud Provider and have experience working with CSP native WAF solutions or equivalent - Akamai in use of WAF Rules and DDoS protection. Candidate will have experience working at scale in the use at least one CSP native WAF solutions or equivalent - Akamai WAF and DDoS protection solutions. Candidate SHALL be able to demonstrate use of WAF and the applying of common rule sets within their organisation. Candidate SHALL will have experience working in central functioning role and be able to demonstrate effectiveness in working cross an organisation in applying common security baseline configuration for protection of services. Candidate SHALL have experience in producing guidance, procedural and process documentation for consumption by multiple teams on WAF or equivalent Security Configuration for protection of services. Candidate should be familiar key Industry and OpenSource standards for WAF. Candidate MUST have basic level Web Security understanding and be able to guide Web Application / UI Developers on security aspects relating to non-compliance to Security baseline configuration. Candidate SHALL be able demonstrate experience in responding and handling adequately of Cyber-attacks (Layer 7 / DDoS attacks). Candidate SHALL have direct experience in Monitoring and Alerting of attacks in at least one CSP - AWS, Azure, GCP or equivalent Candidate SHAL have strong understanding of Web Applications / HTML / JS sufficient enough to demonstrate they are capable in reviewing of signatures and identification of false positives. Candidate MUST be able to demonstrate an affective ability working with multiple functions of the business in the defining of processes, procedures and in the responding to security incidents. Candidate will have expected to upskill where required of the role on CSP Native technologies, where maybe required during an incident to respond rapidly in analysing of attack signatures in near-Realtime and performing appropriate mitigation actions. Candidate shall have one or more CSP basic certifications - AWS, GCP or Azure. Candidate SHOULD have experience working with Logging solutions such as Splunk in the filtering and alerting of issues. What we offer Competitive salary Annual performance-based bonus Additional bonuses for recognition awards Multisport card Private medical care Life insurance One-time reimbursement of home office set-up (up to 800 PLN) Corporate parties & events CSR initiatives Nursery discounts Financial support with trainings and education Social fund Flexible working hours Free parking Benefits sharing the costs of sports activities private medical care sharing the costs of professional training & courses life insurance remote work opportunities flexible working time integration events corporate sports team retirement pension plan corporate library no dress code coffee / tea parking space for employees leisure zone extra social benefits employee referral program opportunity to obtain permits and licenses charity initiatives family picnics extra leave In-office gym Recruitment stages Online assessment Phone interview Job interview Welcome to HSBC HSBC Service Delivery (Polska) Sp. z o.o. HSBC is one of the world's largest banking and financial services organisations. Our global businesses serve more than 40 million customers worldwide through a network that covers 63 countries and territories. HSBC Service Delivery (Polska) Sp. z o.o. is HSBC's global finance, operations, risk and technology centre. We use our unique expertise and capabilities to provide specialised services – our people range from technologists transforming the banking experience to operations professionals managing 1.7 trillion payments a year. Our Purpose – Opening up a world of opportunity – explains why we exist. We are bringing together the people, ideas and capital that nurture progress and growth, helping to create a better world – for our customers, our people, our investors, our communities and the planet we all share. Thank you for interest in HSBCBefore you apply, please note that we will take into the consideration only applications that include the following statement:."I hereby declare that I have familiarised myself with the Privacy Statement for Applicants published at http://www.about.hsbc.pl/careers and I give my consent to use my personal data included in my application for the purposes of recruitment in HSBC Service Delivery (Polska) Sp. z o. o. according to the rules described in the Privacy Statement for Applicants, as per the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).".Due to the high number of applications, we reserve the right to contact selected candidates onlyIn case you would like to resign from participation in the recruitment process or withdraw previously sent application, please email us at: krakow.recruitment@hsbc.com.