Web Application Firewall Specialist

Freelance B2B Contract, remote with occasional onsite requirements.

Ideal Candidate:

• KEY: Someone that has extensive experience with Web Application Security log analysis and that is derived from a Cyber SOC/CSIRT work background who is willing to up-skill into a WAF Engineering SME across CN WAF (AWS, Azure, GCP, Modsec) and Multi-Vendor WAF products (F5, Akamai etc.)

CORE SKILLS/TECHNICAL REQUIREMENT

• Strong experience with multiple WAF solutions for edge, cloud, and on-premise • Strong experience with cloud services and their WAF controls, ideally including one or more of the following: AWS, Azure, and GCP

• Strong understanding of Web Application security attack methods and mitigations • Proficiency in WAF tuning and configuration, coupled with a strong foundation in web security principles and practices.

• Develop custom WAF rules and features, addressing gaps and enhancing overall security measures

• Capability to design and implement bespoke WAF processes and documentation, underpinned by a thorough understanding of web application security.

• Analytical skills to review and align platforms with MVP and Baseline Configurations, leveraging a deep knowledge of WAF functionalities and limitations.

• Providing DevSecOps pipeline maintenance support for the automation works

• Familiarity with IDAM protocols and access control measures for WAF management, informed by strong web security knowledge.

• Understanding of HTTPS inspection, including Termination and Certificate management, grounded in robust web security practices.

• Experience in rate limiting techniques and their integration into security configurations

• Experience of version control and update mechanisms for WAF solutions

• Competency in identifying and documenting platform and organizational logging options, with a focus on security implications and cloud environments.

• Experience interfacing with SOC during WAF related security incidents

• General connectivity / network issue management / service management experience

OTHER SKILLS

• Strong stakeholder management skills

• Attention to detail in analysing large data sets

• Excellent interpersonal skills with strong communication skills both written and verbally

• Experience working in Agile, or knowledge of the key principles of the methodology

• Previous experience working on either Information Security/Cyber Security/IT Security projects and Infrastructure projects would be desirable.