We are currently looking for a WAF and Application Security SME to join an existing team at one of our retail banking clients.

The role will be working on the enhancement of a Web Application Firewall across multiple solutions and applications and will be pivotal in crafting, testing, and implementing advanced WAF uplifts.

This role involves a strong focus on WAF Efficacy and security posture uplift by crafting efficacy testing custom rules and configurations; additionally, the role will cover WAF tuning via detailed log analysis, false positive detection and mitigation, and making tuning and configuration recommendations. The ideal candidate will have experience in SOC or CSIRT and AppSec or Ethical Hacking for in-depth log analysis and have previously worked with at least three major WAF vendors such as Akamai, F5, AWS, GCP, etc.

Key Responsibilities

Identification and crafting of complex custom WAF rules and features to mitigate MVP and security posture gapsCrafting efficacy testing for baseline and custom rules and features and integrating testing in the automation pipelinesProviding SME support for other security testing such as WAF PoCs, new features and solutions - with a potential cost saving if we use in-house resource instead of 3rd party vendorsProviding WAF focused SME support and advice on Web and API based attack methodologies, evasions and mitigation techniquesProviding DevSecOps SME and pipeline build support for the automation worksMonitor and review all tuning requests.Conduct detailed log analysis to identify false positives and optimize WAF rules for improved accuracy and performance.Create and maintain comprehensive documentation for WAF tuning, tuning procedures, policies, and configurations.Develop, test, and recommend WAF policies and rules tailored to specific applications and environments.Proactively assist with identifying false positivesCollaborate with cross-functional teams to ensure seamless integration of WAF solutions into existing security infrastructure.Provide recommendations for WAF configuration based on best practices and security requirements.Perform regular assessments and audits of WAF configurations to ensure optimal security posture and compliance with industry standards.Stay updated with the latest web security threats, vulnerabilities, and trends to continually enhance WAF effectiveness.

Key AccountabilitiesHelp defend the organization and its customers from web based attacks that could cause substantial harm to the company''s operations, reputation, and customersConduct detailed analyses and technical evaluations of various Web Application Firewall (WAF) solution rulesets and functionalities to confirm adherence to agreed baselines and to maximize detection of web, API, and other traffic-based security threatsCreate custom rules and features where needed to augment WAF solutions to be able to meet the agree baselineIdentify and mitigate technical circumventions and evasions of WAF solutions.Develop and implement testing packages to assess the efficacy of various initiatives, including WAF Proofs of Concept, managed and custom rules, new features, and solutions.Facilitate the automation of efficacy testing procedures and their integration into Continuous Integration/Continuous Deployment (CI/CD) pipelines.Contribute to DevSecOps and pipeline construction projects.When needed, reverse-engineer attackers'' exploits and payloads to devise mitigation rulesEnsuring timely and accurate review and action on all WAF tuning requests.Conducting thorough log analyses to effectively identify and mitigate false positives, ensuring optimized WAF rules.Maintaining comprehensive and up-to-date documentation for all WAF tuning procedures, policies, and configurations.Developing and recommending tailored WAF policies and rules for various applications and environments.Proactively identifying and addressing false positives to enhance overall WAF accuracy.Collaborating effectively with cross-functional teams to integrate WAF solutions seamlessly into existing security infrastructure.Providing expert recommendations for WAF configurations based on best practices and current security requirements.Performing regular assessments and audits of WAF configurations to maintain optimal security posture and compliance with industry standards.Staying informed about the latest web security threats, vulnerabilities, and trends to ensure continuous enhancement of WAF effectiveness.

Experience RequiredExtensive experience in WAF management, tuning, and engineering, with a strong understanding of web application security principles.Proven track record of proactively identifying and mitigating false positives to optimize WAF performance.Background in SOC or CSIRT and AppSec or Ethical Hacking, demonstrating hands-on experience for the key responsibilitiesProficiency in log analysis tools and techniques, with the ability to identify patterns and anomalies in web trafficExperience with tools such as Splunk, Wireshark, or custom scripts to process and analyse logs.Experience with at least three major WAF solutions (e.g., Akamai, F5, AWS, GCP) and an understanding of their unique configurations and capabilities.Strong analytical and problem-solving skills, with a keen attention to detail.Excellent communication skills, capable of articulating complex security concepts to technical and non-technical stakeholders.Ability to develop, test, and recommend WAF policies and rules tailored to specific applications and environments.Experience collaborating with cross-functional teams to integrate WAF solutions into existing security infrastructure.Competence in maintaining comprehensive documentation for WAF tuning procedures, policies, and configurations.Extensive experience in configuring WAF solutions to align with best practices and security requirements.A proactive, detail-oriented individual who thrives in a dynamic, fast-paced environment and stays updated with the latest web security threats and trends.

Applicants must be able to work in the client office at least 2 days per week, either Edinburgh or Sheffield.

Contract will be inside IR35.

#LI-DNI#J-18808-Ljbffr