Akamai WAF Subject Matter Expert

Akamai WAF Subject Matter Expert

Outside IR35 Up to £600 per day.

London based – hybrid

Role Overview:

We are seeking an experienced Subject Matter Expert (SME) in Akamai Web Application Firewall (WAF) to join our information security team. You will be responsible for the end-to-end management, optimization, and strategic oversight of Akamai WAF solutions, ensuring robust protection for our web applications in a highly regulated insurance environment. This is a hands-on technical role with a strong consultative and collaborative element.

1. Key Responsibilities:

• Design, implement, configure, and maintain Akamai WAF policies and rulesets to protect public-facing applications against evolving web threats.
• Analyze web behaviour and performance, establishing baselines and thresholds for application security and availability.
• Lead the onboarding of new web services onto the Akamai WAF platform, including transitions from monitoring to enforcement modes.
• Perform ongoing policy tuning and rule optimization to minimize false positives and maximize legitimate traffic flow.
• Monitor, investigate, and respond to WAF alerts, logs, and incidents, including vulnerability identification and mitigation.
• Collaborate with IT, DevOps, and business teams to integrate WAF controls seamlessly across on-premises and cloud environments.
• Ensure compliance with internal security policies, insurance industry regulations, and audit requirements.
• Document configurations, standards, and best practices; provide training and guidance to team members.
• Stay abreast of the latest security threats and Akamai platform updates, advising on improvements and emerging best practices.

Essential Skills & Experience:

• Extensive hands-on experience with Akamai WAF (Kona Site Defender) in large-scale, regulated environments (preferably financial or insurance sectors).
• Deep knowledge of web application security principles, OWASP Top 10, and DDoS mitigation.
• Proficient in designing and tuning WAF rules, managing false positives, and integrating with DevOps/CI-CD pipelines.
• Strong understanding of network security architectures (firewalls, proxies, DNS, DMZ).
• Experience with cloud platforms (AWS, Azure) and hybrid deployments.
• Familiarity with regulatory frameworks relevant to insurance and financial services (e.g., Lloyd’s, PRA, FSA) is highly desirable.
• Excellent communication and stakeholder management skills; ability to translate technical concepts for non-technical audiences.
• Experience with Akamai APIs for automation and reporting is a plus.

Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).
• Relevant certifications (e.g., Akamai Certified Professional, CISSP, CISM, or similar) are advantageous.