WAF Specialist / Engineer
đź“Ť London- Contract- Hybrid (3 days from WFO)
We’re looking for a Web Application Firewall (WAF) Specialist to strengthen our defenses across multiple applications and platforms. In this role, you’ll be designing, testing, and tuning advanced WAF solutions that protect our business and customers from evolving web-based threats.
This is a hands-on, high-impact position where you’ll combine your expertise in security operations, web application security, and WAF engineering to craft custom rules, analyze traffic, reduce false positives, and uplift our overall security posture.
What You’ll Do
Design and implement custom WAF rules and configurations to close security gaps.
Conduct log analysis and efficacy testing, identifying and mitigating false positives.
Support WAF PoCs, DevSecOps pipelines, and automation for scalable testing.
Act as an SME for web & API attack methodologies, evasions, and mitigations.
Collaborate with security, DevOps, and engineering teams to ensure seamless WAF integration.
Stay ahead of emerging web security threats and trends to continuously improve defenses.
What We’re Looking For
Strong experience in WAF management, tuning, and engineering.
Hands-on background in SOC, CSIRT, AppSec, or Ethical Hacking.
Skilled in log analysis (e.g., Splunk, Wireshark, or scripting for traffic analysis).
Experience with at least three major WAF vendors (Akamai, F5, AWS, GCP, etc.).
Ability to develop and optimize WAF policies tailored to diverse environments.
Strong analytical skills and excellent communication with technical & non-technical teams.
A proactive, detail-oriented mindset and passion for staying ahead of security threats