Negotiable
Inside
Remote
Birmingham, UK
Summary: The role of WAF & Application Security SME involves defending the organization and its customers from web-based attacks while providing expert recommendations and monitoring security measures. The successful candidate will be responsible for crafting custom WAF rules, conducting efficacy testing, and supporting DevSecOps initiatives. The position requires extensive experience in WAF management and a strong understanding of web application security principles. The role is primarily remote with occasional client workshops in Birmingham.
Key Responsibilities:
- Identification and crafting of complex custom WAF rules & features to mitigate MVP and security posture gaps
- Crafting efficacy testing for baseline & custom rules and features and integrating testing in the automation pipelines
- Providing SME support for other security testing such as WAF PoCs, new features and solutions - with a potential cost saving if we use in-house resource instead of 3rd party vendors
- Providing WAF focused SME support and advice on Web & API based attack methodologies, evasions and mitigation techniques
- Providing DevSecOps SME & pipeline build support for the automation works
- Monitor and review all tuning requests.
- Help defend the organization and its customers from web-based attacks that could cause substantial harm to the company's operations, reputation, and customers
- Conduct detailed analyses and technical evaluations of various Web Application Firewall (WAF) solution rulesets and functionalities to confirm adherence to agreed baselines and to maximize detection of web, API, and other traffic-based security threats
- Create custom rules and features where needed to augment WAF solutions to be able to meet the agreed baseline
- Identify and mitigate technical circumventions and evasions of WAF solutions.
- Facilitate the automation of efficacy testing procedures and their integration into Continuous Integration/Continuous Deployment (CI/CD) pipelines.
- Contribute to DevSecOps and pipeline construction projects
Key Skills:
- Extensive experience in WAF management, tuning, and engineering, with a strong understanding of web application security principles.
- Proven track record of proactively identifying and mitigating false positives to optimize WAF performance.
- Background in SOC or CSIRT and AppSec or Ethical Hacking, demonstrating hands-on experience for the key responsibilities
- Proficiency in log analysis tools and techniques, with the ability to identify patterns and anomalies in web traffic
- Experience with tools such as Splunk, Wireshark, or custom scripts to process and analyze logs.
- Experience with at least three major WAF solutions (e.g., Akamai, F5, AWS, GCP) and an understanding of their unique configurations and capabilities.
- Strong analytical and problem-solving skills, with a keen attention to detail.
- Excellent communication skills, capable of articulating complex security concepts to technical and non-technical stakeholders.
- Ability to develop, test, and recommend WAF policies and rules tailored to specific applications and environments.
- Experience collaborating with cross-functional teams to integrate WAF solutions into existing security infrastructure.
- Competence in maintaining comprehensive documentation for WAF tuning procedures, policies, and configurations.
- Extensive experience in configuring WAF solutions to align with best practices and security requirements.
Salary (Rate): undetermined
City: Birmingham
Country: UK
Working Arrangements: remote
IR35 Status: inside IR35
Seniority Level: undetermined
Industry: IT
WAF & Application Security SME
The successful candidate will help defend the organization and its customers from web-based attacks that could cause substantial harm to the company's operations, reputation, and customers. They will monitor and review tuning requests, proactively assist with identifying false positives, provide expert recommendations, and stay updated with the latest web security threats and trends to ensure optimal protection and performance.
Location: Mostly remote, with the odd client workshop in Birmingham
12 months, rolling contract
Negotiable - but falls inside IR35