
Web Application Security Engineer APAC
- Singapore
- Permanent
- Full-time
- Work closely with our global team of engineers to ensure the smooth operation and maintenance of the Web Application Firewall (WAF) infrastructure
- Enhance the security of web applications and APIs by implementing advanced protective measures on the WAF and configuring custom application-specific security policies
- Onboard new web applications and APIs onto the WAF infrastructure, ensuring seamless integration and optimal security
- Evaluate new or changed business requirements and assess their feasibility, as well as their impact on surrounding systems, standards, and guidelines
- Troubleshoot technical issues related to WAF, identifying root causes and developing effective solutions
- Participate in the 2nd and 3rd level support organization, providing on-duty support and collaborating with other teams to resolve incidents
- Continuously improve the service reliability, security, performance, monitoring, and automation of the WAF infrastructure, with a focus on enhancing overall system availability and efficiency
- Various IT functions, both regionally and globally
- Local Legal and Compliance functions
- Key local stakeholders include IT Service Owners, IT Infrastructure, IT Application Managers, IT Architecture and Project Managers
- CRO functions – including Business Operational Risk, Information Security and Compliance functions
- Global functions – IT Security Solutions, Security Architecture
- Establish strong relationships with key stakeholders and across the internal IT
- Ensure appropriate ethical and compliant behaviour within the area of responsibility by clear demonstration of appropriate values and behaviours including but not limited to standards on honesty and integrity, due care and diligence, fair dealing (treating customers fairly), management of conflicts of interest, competence and continuous development, adequate risk management, and compliance with applicable laws and regulations
- Rank: AD
- Profound understanding of security best practices of web applications and APIs
- Solid understanding of web communication protocols such as HTTP, TLS, WebSocket, etc.
- Hands-on operational experience with highly available and scalable web infrastructure
- Hands-on experience with operating WAF or reverse-proxy solutions such as F5, Imperva, Nevis, Cloudflare, or open-source alternatives like ModSecurity
- Experience in software engineering (Java, Spring Boot, React, TypeScript) and operational experience with Kubernetes-based environments
- Strong troubleshooting and structured problem-solving skills
- Skilled in log analytics and correlation, with hands-on experience in Splunk, Elastic or similar tools, to investigate incidents and identify root causes
- Familiarity with the implementation of authentication and federation mechanisms such as SAML, OAuth, OIDC and FIDO
- Good technical foundation in Linux operating systems and their command-line tools
- Relevant academic background (e.g., Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field) or industry-recognized certifications (e.g. CISSP) with relevant practical knowledge is desired
- Team player, strong collaborator with the willingness to take ownership
- Excellent communication skills in spoken and written form
- Strong desire to learn and develop new skills
- Methodical and results-driven approach to new challenges and tasks
- Independent and self-driven
- Ability to thrive in a globally distributed team environment
- Good understanding of the technology regulatory framework in Singapore and Hong Kong