Senior WAF Security Engineer
Durham, North Carolina
WAF Security Engineer
What to expect from Pearson
Did you know Pearson is one of the 10 most innovative education companies of 2022?
At Pearson, we add life to a lifetime of learning so everyone can realize the life they imagine. We do this by creating vibrant and enriching learning experiences designed for real-life impact. We are on a journey to be 100 percent digital to meet the changing needs of the global population by developing a new strategy with ambitious targets. To deliver on our strategic vision, we have five business divisions that are the foundation for the long-term growth of the company: Assessment & Qualifications, Virtual Learning, English Language Learning, Workforce Skills and Higher Education. Alongside these, we have our corporate divisions: Digital & Technology, Finance, Global Corporate Marketing & Communications, Human Resources, Legal, Strategy and Direct to Consumer. Learn more at We are Pearson.
We value the power of an inclusive culture and also a strong sense of belonging. We promote a culture where differences are embraced, opportunities are accessible, consideration and respect are the norm and all individuals are supported in reaching their full potential. Through our talent, we believe that diversity, equity and inclusion make us a more innovative and vibrant place to work. People are at the center, and we are committed to building a workplace where talent can learn, grow and thrive.
Pearson is an Affirmative Action and Equal Opportunity Employer and a member of E-Verify. We want a team that represents a variety of backgrounds, perspectives and skills. The more inclusive we are, the better our work will be. All employment decisions are based on qualifications, merit and business need. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We strive for a workforce that reflects the diversity of our communities.
To learn more about Pearson's commitment to a diverse and inclusive workforce, navigate to: Diversity, Equity & Inclusion at Pearson.
If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing TalentExperienceGlobalTeam@grp.pearson.com.
Note that the information you provide will stay confidential and will be stored securely. It will not be seen by those involved in making decisions as part of the recruitment process.
Job: TECHNOLOGY
Organization: Corporate Strategy & Technology
Schedule: FULL_TIME
Workplace Type: Hybrid
Req ID: 15984
Role Purpose
- The Enterprise Application Security team is responsible for protecting Pearson's commercial digital products and data, our learners' data, and Pearson's internal applications. By employing a blend of technology, developer training, test integration, and process automation, the Application Security team's goal is to reduce our risks and provide ongoing Internet safe havens for our learners.
- This role is critical to enhancing our Web Application Firewall (WAF) across multiple solutions and applications and will be pivotal in crafting, testing, and implementing advanced WAF solutions. It involves a strong focus on developing robust security measures against web-based attacks, contributing significantly to the security posture of our organization, and passing audits.
Responsibilities
As a direct report to the Head of Application Security Engineering, you will have the following accountabilities:
- Develop and refine complex custom WAF rules and features, ensuring mitigation of Minimum Viable Product (MVP) and security posture gaps.
- Own all technical tasks essential for passing WAF audits, ensuring they are compliant and included in DevOps automation processes, including aspects such as management plane access control, traffic visibility, application of mitigative OWASP Top 10 based rules and features, and versioning strategies for each WAF solution.
- Coding expertise to create effective testing mechanisms for baseline and custom WAF rules, integrating these tests seamlessly into automation pipelines.
- Offer subject matter expert (SME) support in various security testing areas, including WAF Proofs of Concept (PoCs).
- Provide specialized WAF-focused advice on web and API attack methodologies, evasions, and mitigation techniques, leveraging your ethical hacking background.
- Contribute security and technical knowledge alongside organizational skills to assist Cyber teams with effective WAF SIEM use cases.
Skills and Experience
- Extensive experience with web application security log analysis, gained in a Cyber SOC/CSIRT background, and willingness to up-skill into a WAF Engineering SME (AWS and Akamai).
- Strong background in ethical hacking
- Extensive experience with web-based attack methodologies, including knowledge of tools, payloads, exploits, and countermeasures.
- Proficient in web application and API security.
- Skilled in identifying and mitigating WAF/IPS/CSPM security vulnerabilities.
- Expertise in developing custom WAF rules and security testing packages.
- Solid understanding of OWASP Top 10 vulnerabilities.
- Proficiency in at least one programming language.
- Ability to automate security testing within CI/CD pipelines.
- Knowledgeable in networking, cloud firewalls, and web technologies.
- Strong grasp of DevSecOps principles and practices.
- Awareness of Agile methodologies
Created: 2024-08-27
Reference: SwZHFNkpFCQC
Country: United States
State: North Carolina
City: Durham
ZIP: 27703
About Pearson
Founded in: 1844
Number of Employees: 32000
Website: https://www.pearson.com/en-us.html
Career site: https://pearson.jobs/
Instagram: https://www.instagram.com/pearsonitalia/
Facebook: https://www.facebook.com/PearsonStudium