Jobs in Bristol, United Kingdom

Cyber WAF & Application Security SME
12 Month contract initially
Based: Remotely
Rate: £450 - £485 (via Umbrella company)

We have a great opportunity with a world leading organisation where you will be provided with all of the support and development to succeed. A progressive organisation where you can really make a difference. We a great opportunity for a number of Cyber WAF & Application Security SME's to join the team.

• SOC / Threat / Forensics or CSIRT backgrounds - very experienced with analysing security logs to quickly ascertain TP/FP conviction and the techniques to except
• Ideally some AppSec / DevSecOps or Ethical Hacking experience - with a good understanding of Web Application attacks and security; they must be familiar with the OWASP Top 10
• Identification and crafting of complex custom WAF rules & features to mitigate MVP and security posture gaps.
• Crafting efficacy testing for baseline & custom rules and features and integrating testing in the automation pipelines.
• Providing SME support for other security testing such as WAF PoCs, new features and solutions - with a potential cost saving if we use in-house resource instead of 3rd party vendors.
• Providing WAF focused SME support and advice on Web & API based attack methodologies, evasions and mitigation techniques.
• Providing DevSecOps SME & pipeline build support for the automation works
• Monitor and review all tuning requests.
• Conduct detailed log analysis to identify false positives and optimize WAF rules for improved accuracy and performance.
• Create and maintain comprehensive documentation for WAF tuning, tuning procedures, policies, and configurations.
• Develop, test, and recommend WAF policies and rules tailored to specific applications and environments.
• Proactively assist with identifying false positives.
• Collaborate with cross-functional teams to ensure seamless integration of WAF solutions into existing security infrastructure.
• Provide recommendations for WAF configuration based on best practices and security requirements.
• Perform regular assessments and audits of WAF configurations to ensure optimal security posture and compliance with industry standards.
• Stay updated with the latest web security threats, vulnerabilities, and trends to continually enhance WAF effectiveness.

• Collaborating effectively with cross-functional teams to integrate WAF solutions seamlessly into existing security infrastructure.
• Providing expert recommendations for WAF configurations based on best practices and current security requirements.
• Performing regular assessments and audits of WAF configurations to maintain optimal security posture and compliance with industry standards.
• Staying informed about the latest web security threats, vulnerabilities, and trends to ensure continuous enhancement of WAF effectiveness.
• Extensive experience in WAF management, tuning, and engineering, with a strong understanding of web application security principles.
• Proven track record of proactively identifying and mitigating false positives to optimize WAF performance.
• Background in SOC or CSIRT and AppSec or Ethical Hacking, demonstrating hands-on experience for the key responsibilities.
• Proficiency in log analysis tools and techniques, with the ability to identify patterns and anomalies in web traffic.
• Experience with tools such as Splunk, Wireshark, or custom scripts to process and analyse logs.
• Experience with at least three major WAF solutions (e.g., Akamai, F5, AWS, GCP) and an understanding of their unique configurations and capabilities.
• Strong analytical and problem-solving skills, with a keen attention to detail.
• Excellent communication skills, capable of articulating complex security concepts to technical and non-technical stakeholders.
• Ability to develop, test, and recommend WAF policies and rules tailored to specific applications and environments.
• Experience collaborating with cross-functional teams to integrate WAF solutions into existing security infrastructure.
• Competence in maintaining comprehensive documentation for WAF tuning procedures, policies, and configurations.
• Extensive experience in configuring WAF solutions to align with best practices and security requirements.
• A proactive, detail-oriented individual who thrives in a dynamic, fast-paced environment and stays updated with the latest web security threats and trends.

This is an excellent opportunity on a great project of work. If you are looking for your next exciting opportunity, apply now for your CV to reach me directly, we will respond as soon as possible.

LA International is a HMG approved ICT Recruitment and Project Solutions Consultancy, operating globally from the largest single site in the UK as an IT Consultancy or as an Employment Business & Agency depending upon the precise nature of the work, for security cleared jobs or non-clearance vacancies, LA International welcome applications from all sections of the community and from people with diverse experience and backgrounds.

Award Winning LA International, winner of the Recruiter Awards for Excellence, Best IT Recruitment Company, Best Public Sector Recruitment Company and overall Gold Award winner, has now secured the most prestigious business award that any business can receive, The Queens Award for Enterprise: International Trade, for the second consecutive period.