Description
Role Title: Engineer Cloud Service Provider WAF Engineer
Location: Hybrid/Sheffield (onsite 2 days per week)
Duration: Until 30/11/24
Inside IR35
Role Description:
Skills Required:
CORE SKILLS/TECHNICAL REQUIREMENT
Strong experience with multiple WAF solutions for edge, cloud, and on-premise
Strong experience with cloud services and their WAF controls, ideally including one or more of the following: AWS, Azure, and GCP
Strong understanding of Web Application security attack methods and mitigations
Proficiency in WAF tuning and configuration, coupled with a strong foundation in web security principles and practices.
Develop custom WAF rules and features, addressing gaps and enhancing overall security measures
Capability to design and implement bespoke WAF processes and documentation, underpinned by a thorough understanding of web application security.
Analytical skills to review and align platforms with MVP and Baseline Configurations, leveraging a deep knowledge of WAF functionalities and limitations.
Providing DevSecOps pipeline maintenance support for the automation works
Familiarity with IDAM protocols and access control measures for WAF management, informed by strong web security knowledge.
Understanding of HTTPS inspection, including Termination and Certificate management, grounded in robust web security practices.
Experience in rate limiting techniques and their integration into security configurations
Experience of version control and update mechanisms for WAF solutions
Competency in identifying and documenting platform and organizational logging options, with a focus on security implications and cloud environments.
Experience interfacing with SOC during WAF related security incidents
General connectivity/network issue management/service management experience
OTHER SKILLS
Strong stakeholder management skills
Attention to detail in analysing large data sets
Excellent interpersonal skills with strong communication skills both written and verbally
Experience working in Agile, or knowledge of the key principles of the methodology
Previous experience working on either Information Security/Cyber Security/IT Security projects and Infrastructure projects would be desirable.
Positively contribute and work to team objectives.
Self-starter, who can work pro-actively with minimum supervision