Job Description
Contract: Security Engineer - WAF SME
Start Date: ASAP
Duration: 3 months (extendable)
Location: Remote
Rate: Negotiable depending on experience (deemed inside IR35)
Reference: 19542
**The primary role is to tune WAF accurately and safely**
Immediate contract for experienced WAF engineers to help augment the internal Efficacy and Security Engineering teams with hands-on consultancy focused on WAF tuning and efficacy testing across F5 and cloud-native WAFs (covering at least two out of three major CSPs: AWS, Azure, GCP). A focus on tuning rules, analysing data, reducing false positives, and validating control efficacy in production-like conditions.
Scope Includes:
1. SOC / Threat / Forensics or CSIRT backgrounds - very experienced with analysing security logs to quickly ascertain TP/FP conviction and the techniques to except
2. Ideally some AppSec / DevSecOps or Ethical Hacking experience - need a good understanding of Web Application attacks and security; they must have deep knowledge of the OWASP Top 10
3. If they have Hands-on tuning experience with F5.
4. Custom rule creation, OWASP rule tuning (especially for F5), false positive reduction.
5. Log analysis and data-driven tuning based on real traffic...