WAF Security Engineer - London, United Kingdom - PURVIEW

    Description

    Role:

    WAF Security Engineer
    Location: Fully Remote
    Inside IR35
    6 month initial

    Looking for experience with Akamai - WAF and DevSecOps. Our Financial Sector client is looking for an experienced Security Engineer who has experience working on projects that involve Web Application Firewall and Akamai.

    This contract offers remote working and is predicted to be a long term contract.


    Job Description:


    This position will play a critical role in enhancing our Web Application Firewall (WAF) across multiple solutions and applications and will be pivotal in crafting, testing, and implementing advanced WAF solutions.

    This role involves a strong focus on developing robust security measures against web-based attacks, contributing significantly to the security posture of our organization and achieving audits.

    Key Responsibilities

    Develop and refine complex custom WAF rules and features, ensuring mitigation of Minimum Viable Product (MVP) and security posture gaps.

    Coding expertise to create effective testing mechanisms for baseline and custom WAF rules, integrating these tests seamlessly into automation pipelines.

    Offer subject matter expert (SME) support in various security testing areas, including WAF Proofs of Concept (PoCs).

    Provide specialized WAF-focused advice on web and API attack methodologies, evasions, and mitigation techniques, leveraging your ethical hacking background.

    Contribute to DevSecOps / DevOps with security testing expertise to enhance the automation aspects of the project.

    Ideal Candidate Profile

    Strong background in ethical hacking.
    Extensive experience with web-based attack methodologies, including knowledge of tools, payloads, exploits, and countermeasures.

    Proficient in web application and API security.
    Skilled in identifying and mitigating WAF/IPS/CSPM security vulnerabilities.
    Expertise in developing custom WAF rules and security testing packages.
    Solid understanding of OWASP top 10 vulnerabilities.
    Proficiency in at least one programming language.
    Ability to automate security testing within CI/CD pipelines.
    Knowledgeable in networking, cloud firewalls, and web technologies.
    Strong grasp of DevSecOps principles and practices.
    Awareness of Agile methodologies