Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Design, test, and implement advanced WAF configurations to enhance security.
- Company: Join a dynamic team focused on web application security in Sheffield.
- Benefits: Work 3 days a week onsite with opportunities for professional growth.
- Why this job: Be at the forefront of web security, making a real impact on safety.
- Qualifications: Experience in SOC, AppSec, or Ethical Hacking; hands-on with major WAF platforms required.
- Other info: Stay updated on the latest web security trends while collaborating with diverse teams.
The predicted salary is between 36000 - 60000 £ per year.
Job Description
PLEASE ONLY APPLY IF YOU CAN WORK 3 DAYS PER WEEK ONSITE IN SHEFFIELD
This role is central to strengthening and enhancing WAF capabilities across multiple applications. It involves designing, testing, and implementing advanced WAF configurations to improve security posture and detection efficacy.
Key responsibilities include building custom rules, analysing logs to fine-tune the WAF, mitigating false positives, and optimizing configurations. Ideal candidates should have a background in SOC, CSIRT, AppSec, or Ethical Hacking, with hands-on experience in at least three major WAF platforms such as Akamai, F5, AWS, or GCP.
Key Responsibilities
-
Design and implement complex custom WAF rules to address security gaps.
-
Develop and integrate efficacy testing for WAF rules into automation pipelines.
-
Provide expert support for WAF proof-of-concepts, new features, and cost-saving in-house solutions.
-
Offer security expertise on web and API-based attacks, evasions, and defenses.
-
Contribute to DevSecOps automation and CI/CD pipeline integration.
-
Review and act on tuning requests and WAF logs to identify and mitigate false positives.
-
Maintain documentation for tuning activities, policies, and configurations.
-
Develop WAF policies tailored to specific environments.
-
Collaborate with teams to integrate WAF into the wider security infrastructure.
-
Perform regular audits and ensure configurations align with best practices and compliance requirements.
-
Stay informed on the latest web security threats and trends.
Key Accountabilities
-
Protect web applications and data from attacks that could harm operations, reputation, or customer trust.
-
Analyze WAF rulesets and features to ensure they meet defined baselines and maximize threat detection.
-
Identify and resolve bypass techniques and evasions used by attackers.
-
Build and test mitigation rules based on real-world attack scenarios.
-
Automate testing procedures and integrate them into DevOps workflows.
-
Reverse-engineer exploits when necessary to craft defense rules.
-
Document all tuning procedures and maintain up-to-date configuration standards.
-
Provide actionable recommendations based on evolving threat landscapes.
Ideal Candidate Profile
-
Strong hands-on experience in WAF engineering, tuning, and operations.
-
Proven ability to identify and mitigate false positives.
-
Background in SOC/CSIRT, Application Security, or Ethical Hacking.
-
Skilled in log analysis tools (eg, Splunk, Wireshark) and Scripting for traffic review.
-
Experience with multiple WAF platforms (eg, Akamai, F5, AWS, GCP).
-
Strong analytical skills and attention to detail.
-
Excellent communication skills for both technical and non-technical audiences.
-
Able to craft and implement WAF policies specific to diverse applications.
-
Familiar with integrating WAF into broader security frameworks.
-
Proactive and up-to-date on current web security trends and threats.
WAF SME employer: Talent Smart Limited
Contact Detail:
Talent Smart Limited Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land WAF SME
✨Tip Number 1
Make sure to showcase your hands-on experience with WAF platforms like Akamai, F5, AWS, or GCP during any discussions. Highlight specific projects where you designed or implemented WAF rules, as this will demonstrate your practical knowledge and expertise.
✨Tip Number 2
Familiarise yourself with the latest web security threats and trends before your interview. Being able to discuss current challenges in web application security will show that you're proactive and knowledgeable, which is crucial for this role.
✨Tip Number 3
Prepare to discuss your experience with log analysis tools like Splunk or Wireshark. Be ready to explain how you've used these tools to fine-tune WAF configurations and mitigate false positives, as this is a key responsibility of the role.
✨Tip Number 4
Demonstrate your ability to work collaboratively by sharing examples of how you've integrated WAF solutions into broader security frameworks. This will highlight your teamwork skills and your understanding of the bigger picture in security operations.
We think you need these skills to ace WAF SME
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in WAF engineering, SOC, CSIRT, or Application Security. Emphasise hands-on experience with major WAF platforms like Akamai, F5, AWS, or GCP.
Craft a Strong Cover Letter: In your cover letter, explain why you are passionate about web application security and how your skills align with the responsibilities of the role. Mention specific projects or experiences that demonstrate your expertise in WAF configurations and log analysis.
Showcase Technical Skills: Include specific technical skills related to WAF, such as log analysis tools (e.g., Splunk, Wireshark) and scripting abilities. Highlight any experience with automation pipelines and DevSecOps practices.
Research Current Trends: Stay informed about the latest web security threats and trends. Mention any recent developments in your application to show your proactive approach and commitment to staying updated in the field.
How to prepare for a job interview at Talent Smart Limited
✨Showcase Your Technical Expertise
Be prepared to discuss your hands-on experience with WAF platforms like Akamai, F5, AWS, or GCP. Highlight specific projects where you designed and implemented custom WAF rules, as this will demonstrate your capability to handle the responsibilities of the role.
✨Demonstrate Problem-Solving Skills
Expect questions about how you've identified and mitigated false positives in the past. Share examples of how you analysed logs and fine-tuned WAF configurations to improve security posture, showcasing your analytical skills and attention to detail.
✨Stay Current on Security Trends
Familiarise yourself with the latest web security threats and trends. Being able to discuss recent developments in the field will show your proactive approach and commitment to staying informed, which is crucial for the role.
✨Communicate Effectively
Prepare to explain complex technical concepts in a way that non-technical audiences can understand. This skill is essential, as you'll need to collaborate with various teams and provide expert support on WAF-related matters.
