WAF Security SME

Job Title: WAF & Application Security SME
Location: Remote - UK
Contract: 6 months extendable contract

About the Role
A leading banking client is looking for a WAF & Application Security SME to strengthen its web security posture. The role focuses on improving Web Application Firewall (WAF) effectiveness, tuning configurations, and protecting applications from web-based threats. You will work closely with security, DevOps, and application teams to ensure WAF solutions are properly designed, tested, and maintained.

Key Responsibilities

• Design and implement custom WAF rules to close security gaps.
• Test and validate WAF policies, integrating them into CI/CD pipelines.
• Tune WAF rules by analysing logs, identifying false positives, and making adjustments.
• Support Proof of Concepts (PoCs) and new feature evaluations.
• Provide SME guidance on web and API attack techniques and mitigations.
• Collaborate with DevSecOps teams on automation and pipeline integration.
• Maintain clear documentation of WAF rules, procedures, and configurations.
• Monitor emerging web security threats and recommend improvements.
• Conduct regular reviews and audits of WAF configurations.

Ideal Candidate

• Strong experience in WAF management, tuning, and engineering.
• Background in SOC, CSIRT, Application Security, or Ethical Hacking.
• Hands-on experience with at least three major WAF vendors (eg, Akamai, F5, AWS, GCP).
• Skilled in log analysis using tools like Splunk, Wireshark, or Scripting.
• Good understanding of web application and API security principles.
• Strong problem-solving and analytical skills.
• Ability to explain technical issues to both technical and non-technical stakeholders.
• Proactive, detail-oriented, and up to date with the latest security threats.