3 Api Protection Jobs

You will consult with the Capability Lead to deliver Web Application and API Protection for critical applications primarily on the Akamai platform. This includes monitoring and reviewing all tuning requests, conducting detailed log analysis to identify false positives, and optimizing WAF rules for improved accuracy and performance. Additionally, you will create and maintain comprehensive documentation for WAF tuning procedures, policies, and configurations. Your responsibilities will also involve developing, testing, and recommending WAF policies and rules tailored to specific applications and environments. You will proactively assist in identifying false positives and collaborate with cross-functional teams to ensure the seamless integration of WAF solutions into existing security infrastructure. Furthermore, you will work with Application teams to enable web application protection and deliver anti-bypass protection for on-premise applications currently using Akamai. You are expected to provide recommendations for WAF configuration based on best practices and security requirements, perform regular assessments and audits of WAF configurations to ensure optimal security posture, and compliance with industry standards. This includes maintaining evidence for audit and regulatory purposes and delivering monthly and quarterly business reviews for application owners to demonstrate the effectiveness of WAF control. To stay effective in this role, you must stay updated with the latest web security threats, vulnerabilities, and trends to continually enhance WAF effectiveness. You will evaluate, design, and deliver new and alternative WAAP features and solutions to ensure the best possible protection. Your key accountabilities include ensuring alignment with the capability lead and control owner to deliver consistent WAAP policies across multiple infrastructures. You will also ensure timely and accurate review and action on all WAF tuning requests, conduct thorough log analyses to effectively identify and mitigate false positives, and maintain comprehensive and up-to-date documentation for all WAF tuning procedures, policies, and configurations. Collaboration with cross-functional teams and application teams is essential for integrating WAF solutions seamlessly into existing security infrastructure and enabling WAF protection. You will also ensure connectivity to origin servers on-premise only comes through Akamai to prevent direct-to-origin attacks. Providing expert recommendations for WAF configurations based on best practices and current security requirements, performing service reviews with accountable service application owners, and staying informed about the latest web security threats, vulnerabilities, and trends are crucial aspects of this role. Additionally, you will review existing and new solutions to deliver best-in-class protections.,

As a Head of Web Application and API Protection at HSBC, you will be responsible for defining and maintaining the global strategy for Web Application Security & Protection (WASP). You will work closely with engineers, platform owners, architects, and Control Owners to ensure business success, meet regulatory expectations, and respond to evolving threat landscapes. Your role will involve owning the investment roadmap for WASP, prioritizing a common backlog to reduce risks and meet strategic needs. You will be accountable for delivering innovative and frictionless technologies and services to navigate cyber risks effectively. Collaboration with internal and external partners to develop technical solutions that meet business needs will be a key aspect of your responsibilities. Additionally, you will define, operate, and mature business services supporting the adoption and tuning of protections. Oversight of WASP end-to-end and ensuring regulatory compliance and risk management outcomes are maintained will be crucial. You will also lead and manage a team of skilled professionals, fostering a culture of empowerment, experimentation, learning, and partnership. To succeed in this role, you should have hands-on experience in designing and implementing web application protection strategies, a robust understanding of industry cybersecurity frameworks, and expertise in web application and API security. Strong analytical skills, experience in technology leadership roles, and knowledge of risk and control management frameworks are essential for this position. Joining HSBC as the Head of Web Application and API Protection will provide you with the opportunity to make a significant impact in maintaining a secure technology and data infrastructure. If you are looking to further develop your career in cybersecurity and technology leadership, HSBC is the place for you. For more information and to explore career opportunities at HSBC, visit www.hsbc.com/careers. Please note that personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, available on our website.,

You should have 7 to 9 years of security experience, preferably in a matrix-driven corporate environment. Experience with WAF Operations is mandatory, and Email Security is secondary. You should have security experience with any WAF provider, including API definitions, custom rules, writing bot management rules, and analyzing traffic logs. Proven experience in troubleshooting and simulating HTTP client requests using tools like curl, postman, and HAR file analysis is required. A strong understanding of core networking concepts like TCP/IP, DNS, HTTP, proxy, load balancing, etc., is essential. Functional experience with Splunk, SIEM, or other log aggregation & analysis technologies is desired. Experience with cloud solutions such as AWS or other IaaS/PaaS/SaaS environments is a plus. You should be able to interact effectively with both technical and non-technical staff, including management and executives, and articulate technical material in business terms. A functional understanding of network controls and policies to prevent cyber threats is necessary. Familiarity with security controls like WAF tuning, Bot management, API protection, network policy governance, troubleshooting, and incident response is important. Knowledge of criminal activities and the attacks that may occur in each layer of the OSI model is preferred. You should have the ability to make information security risk determinations based on intelligence analysis and understand cyber threats, malicious cyber threat actor motivations, and capabilities relevant to regions of interest. The shift timings for this role are as follows: - Weekend Shift - Weekdays: Between 8AM to 11PM,