WAF & Application Security SME

Job Title: WAF & Application Security SME
Location: Birmingham (Hybrid - 60% office/40% home, 3 days in the office mandatory)
Salary/Rate: £480 Per Day - Inside IR35
Start Date: 15/09/2025
End Date: 15/09/2026
Job Type: Contract

We have an exciting opportunity for a skilled Web Application Firewall (WAF) & Application Security Subject Matter Expert to join a high-profile programme. This role is pivotal in enhancing and tuning WAF solutions across a variety of applications to improve security posture and protect against advanced web-based threats.

• You will be responsible for designing, testing, tuning, and implementing advanced WAF configurations, ensuring maximum efficacy while avoiding outages or bypasses.
• Craft, test, and deploy complex custom WAF rules to mitigate security gaps and improve overall protection.
• Conduct detailed log analysis to identify and reduce false positives, optimising rule sets for accuracy and performance.
• Provide SME-level guidance on web and API-based attack methodologies, evasion techniques, and mitigation strategies.
• Support DevSecOps pipeline integration for automated WAF efficacy testing.
• Maintain comprehensive documentation for tuning procedures, policies, and configurations.
• Stay ahead of emerging web security threats and trends to continuously enhance protection measures.

• Extensive experience in WAF management, tuning, and engineering, with a strong understanding of web application security principles.
• Proven ability to proactively identify and mitigate false positives.
• Background in SOC, CSIRT, AppSec, or Ethical Hacking with hands-on log analysis experience.
• Proficiency in analysing traffic patterns using tools such as Splunk, Wireshark, or custom scripts.
• Experience working with at least three major WAF vendors (eg, Akamai, F5, AWS, GCP).
• Familiarity with the OWASP Top 10 and modern web attack techniques.

• Experience in DevSecOps practices and pipeline automation.
• Security engineering expertise alongside WAF specialism.
• Experience reverse-engineering exploits to develop mitigation rules.
• Strong cross-functional collaboration skills for integrating WAF solutions into existing security infrastructure.

If you are interested in this opportunity, please apply now with your updated CV in Microsoft Word/PDF format.

Disclaimer
Notwithstanding any guidelines given to level of experience sought, we will consider candidates from outside this range if they can demonstrate the necessary competencies.

Square One is acting as both an employment agency and an employment business, and is an equal opportunities recruitment business. Square One embraces diversity and will treat everyone equally. Please see our website for our full diversity statement.