Web Application Firewall Senior Analyst

Deloitte Technology Cyber Risk Posted: 18-Jul-2022

Same job available in 7 locations

Dallas, Texas, United States

Houston, Texas, United States

Jacksonville, Florida, United States

Miami, Florida, United States

Nashville, Tennessee, United States

Orlando, Florida, United States

Tampa, Florida, United States

Position summary:

Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?

Want to make an impact that matters? Consider Deloitte Global.

Work you'll do

Role Specific Responsibilities
· Provide analysis, design, and operational support of the Web Application Firewall service (WAF)
· Assist with issues that have been identified from member firms or platform diagnostics
· Review WAF security policy against Deloitte policies, standards, and best practice
· Respond to WAF requests to provide compliance validation for their approval
· Providing advanced consultation services with regards to WAF security policy, including potential workarounds to meet business needs in a secure manner
· Continually improve the security posture of Deloitte WAF protection.
· Participate and provide input in development of network WAF architecture.
· Define and adapt criteria for security reviews based on internal policy and standards.
· Perform periodic reviews of all WAF configurations to maintain compliance.
· Track remediation of findings by firewall compliance team.
· Act and communicate security project requests.
· Willingness to participate in vendor relationships and meetings.

What you'll be part of - our Deloitte Global Culture:

At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and implement global strategies and provide programs and services that unite our network.

In Deloitte Global, everyone has opportunities. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.

Who you'll work with:

The Deloitte Global Cybersecurity function is responsible for enhancing data protection, standardizing and securing critical infrastructure, and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of security services to Deloitte’s global network of firms around the globe.


Education (degree): Bachelor’s Degree or equivalent experience
Other (Explain): Bachelor's Degree/University Degree and/or Undergraduate Diploma in Information Security, Information Technology, Computer Science, Engineering or Mathematics or equivalent experience
Years of Experience: 4+ years with minimum 3 years into web application protection
Technical Skills
· Strong background in security operations and security systems management
· Working knowledge of following frameworks and regulations: NIST Cybersecurity Framework, ISO 27001/2, SANS Top 20 Critical Security Controls, SOX and CFR-Part 11
· Solid understanding of common TCP/IP concepts, principles, operations, and controls
· Solid understanding of common firewall and WAF architectures, along with common vulnerabilities such as OWASP Top 10
· Solid understanding of network security WAF technologies, trends, vendors, processes, and methodologies, along with web architectures that would be protected by our offerings.
· Solid understanding of common firewall and WAF architectures and implementations.
· Strong understanding of basic protocols used by the internet, such as HTTP(S), DNS, TLS
· Solid understanding of basic networking concepts, such as routing, switching, firewall, and common enterprise security monitoring tools.
· Solid understanding of information security principles
· Solid understanding of information security policy enforcement
Experience with the following products are strongly preferred:
· Strong knowledge of web application support
· Knowledge of the Akamai, Imperva, RedShield, Radware, or other leading Web Application Protection platform
· Any experience with network-based VPN products, load balancers, as well as SIEM management tools is a plus.
Other Qualifications
· High degree of personal integrity and ethics as well as a passion for protecting people and systems
· Constantly striving for excellence using objective, transparent and agreed upon standards
· Excellent written and oral communication and presentation skills for leadership, technical and business audiences
· Industry-recognized security certifications (e.g., Cisco Certified Security Professional, Check Point Certified Security Administrator, Palo Alto Networks Certified Network Security Engineer.)

How you'll grow:

Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.

Benefits you'll receive:

Deloitte’s Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.

Corporate citizenship:

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.