WAF Tuning & Security Analyst

We are seeking a highly skilled and security-focused professional to take ownership of Web Application Firewall (WAF) tuning. The primary responsibility is to ensure WAF configurations are accurate and safe-preventing outages and avoiding bypass scenarios. This is a hands-on role requiring deep expertise in threat analysis and web application security.

Key Responsibilities:

• Precisely tune WAF policies to balance protection and availability.
• Analyse security logs to identify true positives, false positives, and tuning opportunities.
• Collaborate with SOC, CSIRT, and engineering teams to improve detection and response.
• Apply deep understanding of web application threats and OWASP Top 10 vulnerabilities.
• Develop and implement exception strategies without compromising security posture.

Required Experience:

• Strong background in SOC, Threat Intelligence, Forensics, or CSIRT
• Proven ability to analyse logs and security events with speed and accuracy.
• Experience in identifying and validating threat patterns and tuning techniques.
• Solid understanding of Web Application Security
• Familiarity with OWASP Top 10 and common attack vectors.
• Experience in AppSec, DevSecOps, or Ethical Hacking is highly desirable.

Bonus Skills:

Security Engineering experience (e.g., building detection rules, automation, or infrastructure hardening).

Ideal Candidate Profile:

• Analytical mindset with a passion for precision in security controls.
• Able to work independently and collaboratively in a fast-paced environment.
• Strong communication skills to explain technical findings to non-technical stakeholders

The role can be fully remote. Applicants must be able to engage through a UK umbrella company, contract will be inside IR35.