At a Glance
- Tasks: Design, test, and implement advanced WAF configurations to enhance security.
- Company: Join a dynamic team focused on web application security in Sheffield.
- Benefits: Work 3 days a week onsite with opportunities for professional growth.
- Why this job: Be at the forefront of web security, making a real impact on safety.
- Qualifications: Experience in SOC, AppSec, or Ethical Hacking; hands-on with major WAF platforms required.
- Other info: Stay updated on the latest web security trends while collaborating with diverse teams.
The predicted salary is between £36,000 and £60,000 per year.
Job Description
About the Role
We are seeking a highly skilled WAF Engineer to join our security engineering team and take responsibility for the configuration, tuning, monitoring, and optimisation of our Web Application Firewall (WAF). The successful candidate will work closely with developers, security analysts, and infrastructure teams to ensure applications remain protected against advanced web threats while minimising false positives and supporting business operations.
This role requires deep hands-on expertise in WAF technologies, advanced knowledge of application security threats (OWASP Top 10, XSS, SQLi, XXE, etc.), and the ability to fine-tune WAF rules without compromising overall security posture.
Key Responsibilities
- Configure, manage, and tune WAF rules to balance strong security controls with minimal false positives.
- Collaborate with development teams to create precise parameter-level exceptions and avoid unnecessary rule suppression.
- Monitor WAF logs, identify potential threats, and respond to security incidents in real time.
- Analyse traffic patterns and investigate anomalies, such as spikes in error codes or unusual request behaviour.
- Develop and implement strategies to mitigate attacks, including automated threats, scraping, path traversal, XXE, and SQL injection.
- Document WAF policies, exceptions, and processes, ensuring knowledge is shared across the team.
- Partner with security operations, SOC analysts, and developers to ensure WAF is aligned with application updates and new releases.
- Support threat modelling, security testing, and vulnerability assessments with a WAF focus.
Required Skills & Experience
- Strong expertise with Web Application Firewalls (e.g., F5 ASM/Advanced WAF, Imperva, Akamai Kona, Cloudflare, AWS WAF, Azure WAF).
- Deep understanding of OWASP Top 10 and web attack techniques, including XSS, SQLi, XXE, SSRF, and path traversal.
- Hands-on experience tuning WAFs to allow business functionality while preventing exploitation.
- Solid knowledge of HTTP, HTTPS, XML, JSON, REST APIs, and web application behaviours.
- Experience in analysing logs and traffic anomalies to detect attacks or misconfigurations.
- Familiarity with secure SDLC processes and working with DevOps teams.
- Strong communication and stakeholder management skills.
- Certifications such as GIAC GWAPT, CEH, OSWE, or vendor-specific WAF certifications are desirable.
WAF SME employer: Talent Smart Limited
Contact Detail:
Talent Smart Limited Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land WAF SME
✨Tip Number 1
Make sure to showcase your hands-on experience with WAF platforms like Akamai, F5, AWS, or GCP during any discussions. Highlight specific projects where you designed or implemented WAF rules, as this will demonstrate your practical knowledge and expertise.
✨Tip Number 2
Familiarise yourself with the latest web security threats and trends before your interview. Being able to discuss current challenges in web application security will show that you're proactive and knowledgeable, which is crucial for this role.
✨Tip Number 3
Prepare to discuss your experience with log analysis tools like Splunk or Wireshark. Be ready to explain how you've used these tools to fine-tune WAF configurations and mitigate false positives, as this is a key responsibility of the role.
✨Tip Number 4
Demonstrate your ability to work collaboratively by sharing examples of how you've integrated WAF solutions into broader security frameworks. This will highlight your teamwork skills and your understanding of the bigger picture in security operations.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in WAF engineering, SOC, CSIRT, or Application Security. Emphasise hands-on experience with major WAF platforms like Akamai, F5, AWS, or GCP.
Craft a Strong Cover Letter: In your cover letter, explain why you are passionate about web application security and how your skills align with the responsibilities of the role. Mention specific projects or experiences that demonstrate your expertise in WAF configurations and log analysis.
Showcase Technical Skills: Include specific technical skills related to WAF, such as log analysis tools (e.g., Splunk, Wireshark) and scripting abilities. Highlight any experience with automation pipelines and DevSecOps practices.
Research Current Trends: Stay informed about the latest web security threats and trends. Mention any recent developments in your application to show your proactive approach and commitment to staying updated in the field.
How to prepare for a job interview at Talent Smart Limited
✨Showcase Your Technical Expertise
Be prepared to discuss your hands-on experience with WAF platforms like Akamai, F5, AWS, or GCP. Highlight specific projects where you designed and implemented custom WAF rules, as this will demonstrate your capability to handle the responsibilities of the role.
✨Demonstrate Problem-Solving Skills
Expect questions about how you've identified and mitigated false positives in the past. Share examples of how you analysed logs and fine-tuned WAF configurations to improve security posture, showcasing your analytical skills and attention to detail.
✨Stay Current on Security Trends
Familiarise yourself with the latest web security threats and trends. Being able to discuss recent developments in the field will show your proactive approach and commitment to staying informed, which is crucial for the role.
✨Communicate Effectively
Prepare to explain complex technical concepts in a way that non-technical audiences can understand. This skill is essential, as you'll need to collaborate with various teams and provide expert support on WAF-related matters.