Security Engineer - WAF SME

Posted 5 days ago by NP Group

Negotiable
Inside
Remote
England, United Kingdom

Summary: The role of Security Engineer - WAF SME involves providing hands-on consultancy to enhance the efficacy and security of WAF systems, focusing on tuning and efficacy testing across various cloud platforms. The position requires deep knowledge of web application security, particularly the OWASP Top 10, and experience in log analysis and rule tuning. Candidates must have a strong background in security engineering and be eligible to work in the UK. This is a contract position with a duration of 3 months, extendable based on performance and needs.

Key Responsibilities:

  • Tune WAF accurately and safely, focusing on F5 and cloud-native WAFs.
  • Analyze security logs to reduce false positives and validate control efficacy.
  • Create custom rules and tune OWASP rules, especially for F5.
  • Support cloud-native WAF tuning across major cloud providers.
  • Conduct efficacy testing in partnership with internal teams and recommend adjustments.
  • Utilize real-world exposure and practical experience in security engineering.

Key Skills:

  • Experience with WAF tuning and efficacy testing.
  • Strong understanding of web application attacks and security.
  • Deep knowledge of the OWASP Top 10.
  • Hands-on experience with F5 and cloud-native WAFs.
  • Ability to analyze logs and perform data-driven tuning.
  • Background in SOC, Threat, Forensics, or CSIRT.
  • AppSec, DevSecOps, or Ethical Hacking experience is a plus.

Salary (Rate): undetermined

City: undetermined

Country: United Kingdom

Working Arrangements: remote

IR35 Status: inside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Contract: Security Engineer - WAF SME
Start Date: ASAP
Duration: 3 months (extendable)
Location: Remote
Rate: Negotiable depending on experience (deemed inside IR35)
Reference: 19542

The primary role is to tune WAF accurately and safely

Immediate contract for experienced WAF engineers to help augment the internal Efficacy and Security Engineering teams with hands-on consultancy focused on WAF tuning and efficacy testing across F5 and cloud-native WAFs (covering at least two out of three major CSPs: AWS, Azure, GCP). A focus on tuning rules, analysing data, reducing false positives, and validating control efficacy in production-like conditions.

Scope Includes:

  • SOC / Threat / Forensics or CSIRT backgrounds - very experienced with analysing security logs to quickly ascertain TP/FP conviction and the techniques to except
  • Ideally some AppSec / DevSecOps or Ethical Hacking experience - need a good understanding of Web Application attacks and security; they must have deep knowledge of the OWASP Top 10
  • If they have hands-on tuning experience with F5.
  • Custom rule creation, OWASP rule tuning (especially for F5), false positive reduction.
  • Log analysis and data-driven tuning based on real traffic.
  • Support for cloud-native WAF tuning (all three Cloud providers) - not deployment or infra setup.
  • Efficacy testing in partnership with the internal team - recommend adjustments based on findings.
  • Well-rounded profiles with real-world exposure - not theoretical or solely vendor-trained.
  • Security Engineering skills too, this is a bonus.

Background check completion prior to contract commencement will be required.
Must be eligible to work in the UK for the duration of the project.
Networking People (UK) is acting as an Employment Business in relation to this vacancy.