Security Engineer - WAF SME

New Yesterday

Overview

Join to apply for the Security Engineer - WAF SME role at NP Group.

Contract: Security Engineer - WAF SME

Start Date: ASAP

Duration: 3 months (extendable)

Location: Remote

Rate: Negotiable depending on experience (deemed inside IR35)

Reference: 19542

The primary role is to tune WAF accurately and safely

Immediate contract for experienced WAF engineers to help augment the internal Efficacy and Security Engineering teams with hands-on consultancy focused on WAF tuning and efficacy testing across F5 and cloud-native WAFs (covering at least two out of three major CSPs: AWS, Azure, GCP). A focus on tuning rules, analysing data, reducing false positives, and validating control efficacy in production-like conditions.

Responsibilities

  • SOC / Threat / Forensics or CSIRT backgrounds - very experienced with analysing security logs to quickly ascertain TP/FP conviction and the techniques to except
  • Ideally some AppSec / DevSecOps or Ethical Hacking experience - need a good understanding of Web Application attacks and security; they must have deep knowledge of the OWASP Top 10
  • If they have Hands-on tuning experience with F5.
  • Custom rule creation, OWASP rule tuning (especially for F5), false positive reduction.
  • Log analysis and data-driven tuning based on real traffic.
  • Support for cloud-native WAF tuning (all three Cloud providers) - not deployment or infra setup.
  • Efficacy testing in partnership with the internal team - recommend adjustments based on findings.
  • Well-rounded profiles with real-world exposure - not theoretical or solely vendor-trained.
  • Security Engineering skills too, this a bonus

Background check completion prior to contract commencement will be required.

Must be eligible to work in UK for duration of the project.

Requirements

  • Relevant experience in WAF tuning and efficacy testing across F5 and cloud-native WAFs.
  • Experience with two of three major CSPs: AWS, Azure, GCP.
  • Deep knowledge of OWASP Top 10 and web application security.
  • Ability to analyse security logs to determine TP/FP opinions and optimize rules accordingly.
  • Hands-on tuning experience with F5 preferred.
  • Ability to create and tune custom rules and reduce false positives.
  • Experience with log analysis and data-driven decision making.
  • Eligibility to work in the UK for the project duration.

Networking People (UK) is acting as an Employment Business in relation to this vacancy.

#J-18808-Ljbffr
Apply
Location:
United Kingdom
Category:
IT & Technology