We are currently looking for a WAF Security Engineer to join an existing team at one of our financial services clients. The successful candidate will play a critical part in enhancing a Web Application Firewall (WAF) across multiple solutions and applications and will be pivotal in crafting, testing, and implementing advanced WAF solutions.
This role involves a strong focus on developing robust security measures against web-based attacks, contributing significantly to the security posture of our organization and achieving audits.
Responsibilities
- Develop and refine complex custom WAF rules and features, ensuring mitigation of Minimum Viable Product (MVP) and security posture gaps.
- Apply coding expertise to create effective testing mechanisms for baseline and custom WAF rules, integrating these tests seamlessly into automation pipelines.
- Offer subject matter expert (SME) support in various security testing areas, including WAF Proofs of Concept (PoCs).
- Provide specialized WAF-focused advice on web and API attack methodologies, evasions, and mitigation techniques, leveraging your ethical hacking background.
- Contribute to DevSecOps / DevOps with security testing expertise to enhance the automation aspects of the project.
Accountabilities
- Utilize ethical hacking skills to safeguard the organization from web-based attacks, ensuring the protection of operations, reputation, and customer trust.
- Conduct in-depth technical evaluations of WAF solution rulesets, focusing on detection and prevention of web and API security threats.
- Develop custom WAF rules and features, addressing gaps and enhancing overall security measures.
- Identify and counter technical strategies that bypass WAF solutions.
- Design and implement testing protocols to evaluate the effectiveness of various security initiatives, including WAF rules and new features.
- Facilitate the integration of testing procedures into CI/CD pipelines.
- Reverse-engineer attacker tactics to create effective mitigation rules.
- Maintain and secure essential documentation and reports, ensuring traceability and compliance.
- Inform the Management team about emerging threats and vulnerabilities, recommending countermeasures.
- Communicate effectively with a range of stakeholders, providing updates on security-related matters.
Skills and Experience
- Strong background in ethical hacking.
- Extensive experience with web-based attack methodologies, including knowledge of tools, payloads, exploits, and countermeasures.
- Proficient in web application and API security.
- Skilled in identifying and mitigating WAF/IPS/CSPM security vulnerabilities.
- Expertise in developing custom WAF rules and security testing packages.
- Solid understanding of OWASP top 10 vulnerabilities.
- Proficiency in at least one programming language.
- Ability to automate security testing within CI/CD pipelines.
- Knowledgeable in networking, cloud firewalls, and web technologies.
- Strong grasp of DevSecOps principles and practices.
- Awareness of Agile methodologies.
The role will be fully remote; applicants must be UK-based.
The contract will be inside IR35.