Job Title: Security Consultant – WAF, Proxy, DLP, VAPT, and Digital Security Assessment
Location: Dubai
Job Type: Contract
Reports to: Security Lead / Digital Security Manager
Job Summary:
We are seeking a skilled Security Consultant to lead and coordinate critical security assessments and projects, bringing expertise in Web Application Firewalls (WAF), Proxies, Data Loss Prevention (DLP), Vulnerability Assessment and Penetration Testing (VAPT), and internal security assessments for both web and mobile applications. The ideal candidate will collaborate closely with internal teams and stakeholders to ensure the security and compliance of our digital assets, utilizing Forcepoint for Proxy and DLP, and F5 for WAF.
Key Responsibilities:
- WAF Implementation and Management
- Oversee the configuration and management of F5 Web Application Firewalls (WAF) to protect digital assets.
- Perform regular reviews and updates of WAF policies and rules based on evolving threats and application changes.
- Collaborate with development and IT teams to resolve false positives and optimize WAF performance.
- Proxy Management
- Implement and manage Forcepoint Proxy to control and monitor web traffic.
- Regularly assess proxy configurations to ensure adherence to security policies and prevent unauthorized access.
- Collaborate with IT to troubleshoot proxy-related issues and optimize performance.
- Data Loss Prevention (DLP)
- Utilize Forcepoint DLP to implement data protection strategies and prevent data leaks.
- Conduct risk assessments to identify data loss vectors and implement controls.
- Develop data classification and handling guidelines with relevant departments.
- Vulnerability Assessment and Penetration Testing (VAPT) Coordination
- Plan, coordinate, and conduct regular VAPT activities for web and mobile applications.
- Analyze findings from VAPT and provide actionable recommendations for risk mitigation.
- Engage third-party security vendors when necessary and ensure testing aligns with industry best practices.
- Internal Security Assessments
- Conduct security assessments and audits on internal applications and systems, especially in the digital domain.
- Develop assessment plans, perform risk analysis, and provide clear reporting on assessment results and remediation plans.
- Compliance and Documentation
- Ensure compliance with industry standards, regulations, and internal policies.
- Document security processes, incident responses, and findings from assessments and tests.
- Maintain updated records of digital security protocols and practices.
- Collaboration and Stakeholder Management
- Work with IT, development, legal, and compliance teams to implement and monitor security controls.
- Serve as the primary point of contact for coordinating security assessments with stakeholders.
- Conduct training and awareness sessions on security best practices for relevant stakeholders.
Qualifications and Skills:
- Educational Background: Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field. Relevant certifications (e.g., CEH, OSCP) are preferred.
- Experience:
- 5+ years of experience in cybersecurity, specifically in WAF, Proxy, DLP, VAPT, and security assessments for web and mobile applications.
- Proven track record in coordinating VAPT activities and managing third-party security vendors.
- Technical Skills:
- Experience with Forcepoint Proxy and DLP, F5 WAF, and VAPT tools (e.g., Burp Suite, OWASP ZAP).
- Familiarity with security standards and frameworks (e.g., OWASP, ISO 27001, PCI-DSS).
- Understanding of vulnerability scanning, risk assessment methodologies, and secure coding practices.
- Optional: Knowledge of DevSecOps practices and tools is a plus.
- Soft Skills:
- Strong communication and coordination skills to work effectively across departments.
- Analytical mindset and problem-solving abilities.
- Ability to document findings and communicate in both technical and non-technical terms.
Preferred Qualifications:
- Certifications: CEH, OSCP, or other relevant security certifications.
- Industry Experience: Prior experience in digital security assessment within financial, retail, or healthcare industries.