Senior Cybersecurity Analyst (WAF)

We are seeking a skilled and passionate Security Professional to join our team. The ideal candidate will be responsible for conducting vulnerability assessments, performing penetration testing, and driving the implementation of secure development practices and management of Web Application Firewalls to protect web applications from cyber threats. This role requires a strong understanding of security frameworks, emerging threats, and the ability to collaborate with cross-functional teams to ensure a robust security posture.

About you Experience & Qualification

• Strong expertise in vulnerability assessment, penetration testing, and security tools.
• Proficiency with WAF solutions such as AWS WAF, Cloudflare, F5, Imperva, etc.
• Ability to configure and customize WAF rulesets. Strong understanding of HTTP/HTTPS protocols.
• Proficiency in frameworks like MITRE ATT&CK, OWASP Top 10, and secure SDLC principles.
• Knowledge of automation tools for static and dynamic code analysis.
• Excellent threat modeling and risk assessment capabilities.
• Familiarity with SCA and SBOM controls.
• Strong documentation and reporting skills for both technical and non-technical audiences.
• Up-to-date knowledge of emerging threats, vulnerabilities, and security technologies.
• Bachelor’s degree in computer science, Information Security, or a related field (or equivalent experience).
• 2+ years of experience in cybersecurity, vulnerability management, penetration testing and WAF security.
• Hands-on experience with security standards such as OWASP, NIST, ISO 27001.

It would be great if you also have

• Certifications like OSCP, CEH, or equivalent are highly desirable.
• Experience in incident response and post-breach analysis is a plus.

What will you be doing in this role.

• Conduct comprehensive vulnerability assessments on infrastructure, applications, and networks.
• Perform manual and automated penetration tests on web applications, APIs, mobile apps, and networks.
• Integrate security controls into CI/CD pipelines to ensure secure software development practices.
• Conduct in-depth security reviews of applications, including source code reviews and architecture analysis.
• Engage in threat modelling and risk assessment for critical assets.
• Support the development and implementation of secure coding practices and frameworks.
• Review and implement controls such as SCA (Software Composition Analysis) and SBOM (Software Bill of Materials).
• Deploy and configure WAF solutions such as AWS WAF, Cloudflare, F5 and Imperva.
• Customize WAF rulesets to meet the specific security needs of web applications.
• Monitor WAF security logs and alerts to detect and respond to potential threats.
• Conduct forensic analysis and respond to security incidents involving WAF.
• Document findings, write detailed reports, and present results to technical and non-technical stakeholders.
• Ensure compliance with industry security standards (e.g., OWASP, NIST, ISO 27001).
• Collaborate with cross-functional teams, including IT, DevOps, and compliance.

At Clarivate, we are committed to providing equal employment opportunities for all persons with respect to hiring, compensation, promotion, training, and other terms, conditions, and privileges of employment. We comply with applicable laws and regulations governing non-discrimination in all locations.