We are seeking a highly skilled and security-focused professional to take ownership of Web Application Firewall (WAF) tuning. The primary responsibility is to ensure WAF configurations are accurate and safe—preventing outages and avoiding bypass scenarios. This is a hands-on role requiring deep expertise in threat analysis and web application security.
Key Responsibilities:
- Precisely tune WAF policies to balance protection and availability.
- Analyse security logs to identify true positives, false positives, and tuning opportunities.
- Collaborate with SOC, CSIRT, and engineering teams to improve detection and response.
- Apply deep understanding of web application threats and OWASP Top 10 vulnerabilities.
- Develop and implement exception strategies without compromising security posture.
Required Experience:
- Strong background in SOC, Threat Intelligence, Forensics, or CSIRT
- Proven ability to analyse logs and security events with speed and accuracy.
- Experience in identifying and validating threat patterns and tuning techniques.
- Solid understanding of Web Application Security
- Familiarity with OWASP Top 10 and common attack vectors.
- Experience in AppSec, DevSecOps, or Ethical Hacking is highly desirable.
Bonus Skills:
Security Engineering experience (e.g., building detection rules, automation, or infrastructure hardening).
Ideal Candidate Profile:
- Analytical mindset with a passion for precision in security controls.
- Able to work independently and collaboratively in a fast-paced environment.
- Strong communication skills to explain technical findings to non-technical stakeholders
The role can be fully remote. Applicants must be able to engage through a UK umbrella company, contract will be inside IR35.
#LI-DNI