WAF Security Engineer - London, United Kingdom - RP International

Description

Fully remote 6 month rolling contract (inside IR35)This position is pivotal in enhancing our clients Web Application Firewall (WAF) for various solutions and applications.

It focuses on developing robust security measures against web-based attacks, significantly contributing to our organization's security posture and audit objectives.

Responsibilities:
Develop and refine custom WAF rules and features to mitigate security gaps.
Code effective testing mechanisms for baseline and custom rules, seamlessly integrating them into automation pipelines.

Provide subject matter expertise in security testing areas, including WAF Proofs of Concept (PoCs).Offer specialized advice on web and API attack methodologies, leveraging ethical hacking background.

Contribute to DevSecOps/DevOps with security testing expertise, enhancing project automation.


Accountabilities:
Utilise ethical hacking skills to safeguard against web-based attacks, protecting operations, reputation, and customer trust.
Conduct technical evaluations of WAF solution rulesets, focusing on detecting and preventing web and API security threats.
Develop custom WAF rules and features, addressing gaps and enhancing overall security.
Identify and counter technical strategies bypassing WAF solutions.
Design and implement testing protocols to evaluate security initiatives' effectiveness.
Facilitate integration of testing procedures into CI/CD pipelines.
Reverse-engineer attacker tactics to create effective mitigation rules.
Maintain secure documentation and reports for traceability and compliance.
Inform management about emerging threats and vulnerabilities, recommending countermeasures.
Communicate effectively with stakeholders, providing security-related updates