Security Engineer - WAF Tuning

Contract: Security Engineer - WAF Tuning
Start Date: ASAP
Duration: 3 months (extendable)
Location: Hybrid (On site in Sheffield/Birmingham or Edinburgh 3 days a week)
Rate: Negotiable depending on experience (deemed inside IR35)
Reference: 19542

*The primary role is to tune WAF accurately and safely*

Immediate contract for experienced WAF engineers to help augment the internal Efficacy and Security Engineering teams with hands-on consultancy focused on WAF tuning and efficacy testing across F5 and cloud-native WAFs (covering at least two out of three major CSPs: AWS, Azure, GCP). A focus on tuning rules, analysing data, reducing false positives, and validating control efficacy in production-like conditions.

Scope Includes:

• SOC/Threat/Forensics or CSIRT backgrounds - very experienced with analysing security logs to quickly ascertain TP/FP conviction and the techniques to except
• Ideally some AppSec/DevSecOps or Ethical Hacking experience - need a good understanding of Web Application attacks and security; they must be familiar with the OWASP Top 10
• If they have Hands-on tuning experience with F5.
• Custom rule creation, OWASP rule tuning (especially for F5), false positive reduction.
• Log analysis and data-driven tuning based on real traffic.
• Support for cloud-native WAF tuning (all three Cloud providers) -not deployment or infra setup.
• Efficacy testing in partnership with the internal team - recommend adjustments based on findings.
• Well-rounded profiles with real-world exposure -not theoretical or solely vendor-trained.
• Security Engineering skills too, this a bonus

Background check completion prior to contract commencement will be required

Must be eligible to work in UK for duration of the project

Networking People (UK) is acting as an Employment Business in relation to this vacancy.