Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Enhance web security by crafting custom WAF rules and performing log analysis.
- Company: Join HOK Consulting, a leader in connecting IT talent with exciting opportunities in banking and finance.
- Benefits: Enjoy a hybrid work model and the chance to work on cutting-edge security projects.
- Why this job: Be at the forefront of cybersecurity, making a real impact in protecting web applications.
- Qualifications: Experience with WAFs, SOC/CSIRT, and knowledge of OWASP Top 10 is essential.
- Other info: This is a contract role ideal for mid-senior level professionals.
The predicted salary is between 36000 - 60000 ÂŁ per year.
Information Security Engineer (WAF Focused)
Information Security Engineer (WAF Focused)
1 day ago Be among the first 25 applicants
Get AI-powered advice on this job and more exclusive features.
Direct message the job poster from HOK Consulting – Technical Recruitment Consultancy
I introduce talented IT Professionals to exciting contract opportunities within Banking & Financial Services
Job Title: Information Security Engineer – WAF & Threat Detection
Location: Hybrid (x3 days from Sheffield)
Visa: No sponsorship available and No PSW visa
We\’re seeking a skilled Information Secuirty Engineer with strong WAF experience to enhance the efficacy and security posture of our Web Application Firewalls across multiple platforms. The role involves crafting custom WAF rules, performing in-depth log analysis, and driving tuning and optimization to reduce false positives and ensure robust protection.
Key Responsibilities:
- Develop, test, and implement custom WAF rules and tuning strategies
- Conduct efficacy testing and integrate results into CI/CD pipelines
- Perform detailed log analysis to identify and mitigate false positives
- Provide SME support on Web & API attack methods, evasions, and mitigations
- Support DevSecOps teams in automation and security pipeline integration
- Stay updated with evolving web threats and deliver security recommendations
Ideal Background:
- SOC / CSIRT / Threat Hunting or Security Forensics experience
- AppSec / Ethical Hacking expertise with knowledge of OWASP Top 10
- Hands-on experience with 3+ WAF vendors (e.g., AWS, Akamai, F5, GCP)
- Security Engineering or DevSecOps experience is a plus
Seniority level
-
Seniority level
Mid-Senior level
Employment type
-
Employment type
Contract
Job function
-
Job function
Information Technology
-
Industries
Computer and Network Security, IT Services and IT Consulting, and IT System Custom Software Development
Referrals increase your chances of interviewing at HOK Consulting – Technical Recruitment Consultancy by 2x
Sign in to set job alerts for “Information Security Engineer” roles.
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr
Information Security Engineer (WAF Focused) employer: HOK Consulting - Technical Recruitment Consultancy
Contact Detail:
HOK Consulting - Technical Recruitment Consultancy Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Information Security Engineer (WAF Focused)
✨Tip Number 1
Familiarise yourself with the specific WAF technologies mentioned in the job description, such as AWS, Akamai, and F5. Having hands-on experience or even a solid understanding of these platforms will give you an edge during discussions.
✨Tip Number 2
Stay updated on the latest web threats and vulnerabilities, particularly those related to the OWASP Top 10. This knowledge will not only help you in interviews but also demonstrate your commitment to the field.
✨Tip Number 3
Network with professionals in the Information Security field, especially those who work with WAFs. Engaging in relevant forums or LinkedIn groups can provide insights and potentially lead to referrals.
✨Tip Number 4
Prepare to discuss your experience with log analysis and tuning strategies in detail. Be ready to share specific examples of how you've reduced false positives in previous roles, as this is a key responsibility for the position.
We think you need these skills to ace Information Security Engineer (WAF Focused)
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights your experience with Web Application Firewalls (WAF) and any relevant security engineering roles. Use specific examples of custom WAF rules you've developed or log analysis you've performed.
Craft a Strong Cover Letter: In your cover letter, emphasise your hands-on experience with various WAF vendors and your understanding of web threats. Mention how your background in SOC, CSIRT, or threat hunting aligns with the job requirements.
Showcase Relevant Skills: Clearly list your skills related to AppSec, ethical hacking, and familiarity with the OWASP Top 10. This will demonstrate your technical expertise and suitability for the role.
Proofread Your Application: Before submitting, carefully proofread your application for any spelling or grammatical errors. A polished application reflects your attention to detail, which is crucial in the field of information security.
How to prepare for a job interview at HOK Consulting - Technical Recruitment Consultancy
✨Showcase Your WAF Expertise
Make sure to highlight your experience with various WAF vendors like AWS, Akamai, and F5. Be prepared to discuss specific projects where you developed custom WAF rules and how they improved security.
✨Demonstrate Log Analysis Skills
Prepare to talk about your approach to log analysis. Share examples of how you've identified and mitigated false positives in the past, as this is crucial for the role.
✨Stay Updated on Web Threats
Research the latest web threats and vulnerabilities, especially those related to the OWASP Top 10. Being knowledgeable about current trends will show your commitment to the field.
✨Engage with DevSecOps Practices
Discuss your experience with CI/CD pipelines and how you've integrated security measures into them. This will demonstrate your ability to work collaboratively with DevSecOps teams.
