
WAF Engineer: Security SME

PH578275 • Mar 24, 2024

The WAF SME Engineer role calls for a skilled professional who can blend in-depth technical and security expertise with adept organisational skills to oversee and execute a range of critical tasks.

This role will suit a candidate who is not only technically proficient but also enjoys learning new technologies in a fast-paced environment and driving continuous improvement and security excellence within these areas:


Key Accountabilities & Responsibilities

·      Ownership of all technical tasks essential for passing WAF audits, ensuring they are compliant and included in DevOps Automation processes, including aspects such as management plane access control, traffic visibility, application of mitigative OWASP Top 10 based rules and features, versioning strategies for each WAF solution, etc.

·      Contribute security and technical knowledge alongside project management skills to assist with WAF exception tuning work and help address backlogs, in addition to assisting with the WAF Tuning Training Programme and, if needed, solution design, across various vendor solutions

·      Contribute security and technical knowledge alongside organisational skills to assist Cyber teams with effective WAF SIEM Use Cases

·      Contribute to security automation efforts such as solution specific dashboards to build an overall picture per solution on WAF performance, security effectiveness and incorporation of audit compliance metrics

·      Provide SME assistance on the latest DevSecOps techniques to secure pipelines and cloud/native Dev and Test environments utilized by the project

 

Key Experience – Ideal Candidate Profile:

·      Strong technical and organisational skills, ideally with some Project Management experience

·      Strong experience with multiple WAF solutions for edge, cloud, and on-premise

·      Strong experience with cloud and cloud native services

·      Strong understanding of Web Application security attack methods and mitigations

·      Experience in WAF tuning and configuration, coupled with a strong foundation in web security principles and practices.

·      Experience with enterprise scale WAF deployments and audits and the discovery and provisioning of audit success prerequisites such as access control, versioning, certificates, rate limiting, SIEM connectors, rule sets and features

·      Skills in interfacing with SIEM Teams/SOC for WAF Use Case Development 

·      Experience in conducting educational sessions or training, with an emphasis on WAF tuning

·      Capability to design and implement bespoke WAF processes and documentation, underpinned by a thorough understanding of web application security.

·      Analytical skills to review and align platforms with MVP and Baseline Configurations, leveraging a deep knowledge of WAF functionalities and limitations.

·      Familiarity with IDAM protocols and access control measures for WAF management, informed by strong web security knowledge.

·      Understanding of HTTPS inspection, including Termination and Certificate management, grounded in robust web security practices.

·      Experience in rate limiting techniques and their integration into security configurations

·      Experience of version control and update mechanisms for WAF solutions

·      Competency in identifying and documenting platform and organizational logging options, with a focus on security implications and cloud environments.


To apply, please send your resume and cover letter to recuritment@yesdee.co.uk
