WAF Technical Lead, HSBC

HSBC

Location:
India, Hyderabad

Category:
IT - Software Development

Contract Type:
Employment contract

Salary:

Not provided

Save Job

Apply Position

Job Description:

This role involves leading the design, architecture, and implementation of Web Application Firewall (WAF) solutions to meet security requirements. Tasks include developing and maintaining WAF standards, conducting training sessions, and collaborating with application teams to enhance security. The position also includes mentoring team members, driving incident resolution, and maintaining KPIs for engineering products.

Job Responsibility:

Lead design, architecture and implementation of the WAF solutions to meet the organizations security requirement and business needs
Develop and maintain WAF standards, policies and best practices
Lead hands on implementation, configuration and deployment of WAF
Develop custom WAF tuning processes, documentation, and designs tailored to the organization's needs
Conduct training sessions for Application Teams, equipping them with the knowledge and skills needed for WAF tuning
Collaborate with Application Teams to fine-tune WAF settings, enhancing security measures and performance
Review each platform against the Minimum Viable Product (MVP) benchmarks to identify and rectify any discrepancies
Establish and agree upon a Baseline Configuration that satisfies MVP requirements
Document WAF limitations and collaborate with the Risk team and vendors to seek resolutions
Work closely with business and application teams to understand application logics, identify potential vulnerabilities and tailor WAF protection
Provide technical guidance, mentorship and training to direct team members on technology and processes
Provide SME WAF Engineer design support for WAF solution design against industry best practices such as company MVP, OWASP and vendor best practices
Discover, document, and create technical design and automation consumable configurations for WAF deployment and audit prerequisites
Build and maintain KPI’s for the team and the engineering products
Drive incident resolution - technology or process, across technology teams, stakeholders and management where required
Liaison with vendor on product issues including design, features, and defects
Implement network solutions aligned to organizational standard and meet regulatory requirements
Provide knowledge transfer with teammates through formal team training sessions, brown bags, and mentoring of other team members
Apply technical expertise in implementing efficiencies and creating strategies to better detect and respond to cyber incidents by prioritizing mitigation actions

Requirements:

Demonstrate leadership abilities with track record of successfully managing and motivating teams
Strong experience with multiple WAF solutions including Akamai, F5, AVI, NGINX+
Strong experience with cloud services and their WAF controls, including AWS, Azure, and GCP
Strong understanding of Web Application security attack methods and mitigations
Strong experience with enterprise scale WAF deployments and the discovery and provisioning of prerequisites such as access control, certificates, rate limiting, SIEM connectors, rule sets and features
Proficiency in WAF tuning and configuration, coupled with a strong foundation in web security principles and practices
Experience in conducting educational sessions or training, with an emphasis on WAF tuning
Capability to design and implement bespoke WAF processes and documentation, underpinned by a thorough understanding of web application security
Analytical skills to review and align platforms with MVP and Baseline Configurations, leveraging a deep knowledge of WAF functionalities and limitations
Familiarity with IDAM protocols and access control measures for WAF management, informed by strong web security knowledge
Understanding of HTTPS inspection, including Termination and Certificate management, grounded in robust web security practices
Experience in rate limiting techniques and their integration into security configurations
Experience of version control and update mechanisms for WAF solutions
Competency in identifying and documenting platform and organizational logging options, with a focus on security implications and cloud environments
Skills in designing SIEM connector options and interfacing with SIEM Teams/SOC for compliance and monitoring purposes

Nice to have:

CISSP certification
Experience with modern agile software delivery practices such as scrum, version control, continuous integration, and delivery (CI/CD), DevOps
Knowledge and experience in Agile and DevOps development practices

What we offer:

Flexible working
Opportunities to grow within an inclusive and diverse environment
Continuous professional development
Workplace fostering opinions and input

Additional Information:

Job Posted:
August 14, 2025

Expiration:
September 13, 2025

Employment Type:

Fulltime

Work Type:

On-site work

View All Jobs In This Company

Job Link Share:

WAF Technical Lead