WAF & Application Security SME

Job DescriptionJob Title: WAF & Application Security SMELocation: Birmingham (Hybrid - 60% office/40% home, 3 days in the office mandatory)Salary/Rate: 480 Per Day - Inside IR35Start Date: 15/09/2025End Date: 15/09/2026Job Type: ContractCompany IntroductionWe have an exciting opportunity for a skilled Web Application Firewall (WAF) & Application Security Subject Matter Expert to join a high-profile programme. This role is pivotal in enhancing and tuning WAF solutions across a variety of applications to improve security posture and protect against advanced web-based threats.Job Responsibilities/ObjectivesYou will be responsible for designing, testing, tuning, and implementing advanced WAF configurations, ensuring maximum efficacy while avoiding outages or bypasses.Craft, test, and deploy complex custom WAF rules to mitigate security gaps and improve overall protection.Conduct detailed log analysis to identify and reduce false positives, optimising rule sets for accuracy and performance.Provide SME-level guidance on web and API-based attack methodologies, evasion techniques, and mitigation strategies.Support DevSecOps pipeline integration for automated WAF efficacy testing.Maintain comprehensive documentation for tuning procedures, policies, and configurations.Stay ahead of emerging web security threats and trends to continuously enhance protection measures.Required Skills/ExperienceExtensive experience in WAF management, tuning, and engineering, with a strong understanding of web application security principles.Proven ability to proactively identify and mitigate false positives.Background in SOC, CSIRT, AppSec, or Ethical Hacking with hands-on log analysis experience.Proficiency in analysing traffic patterns using tools such as Splunk, Wireshark, or custom scripts.Experience working with at least three major WAF vendors (eg, Akamai, F5, AWS, GCP).Familiarity with the OWASP Top 10 and modern web attack techniques.Desirable Skills/ExperienceExperience in DevSecOps practices and pipeline automation.Security engineering expertise alongside WAF specialism.Experience reverse-engineering exploits to develop mitigation rules.Strong cross-functional collaboration skills for integrating WAF solutions into existing security infrastructure.If you are interested in this opportunity, please apply now with your updated CV in Microsoft Word/PDF format.Disclaimer Notwithstanding any guidelines given to level of experience sought, we will consider candidates from outside this range if they can demonstrate the necessary competencies. Square One is acting as both an employment agency and an employment business, and is an equal opportunities recruitment business. Square One embraces diversity and will treat everyone equally. Please see our website for our full diversity statement.

Created: 2025-08-08