Web Application Firewall (WAF) Architect

£620 Per Day (Inside IR35)
Contract
Birmingham
Ref - 1562545

  • We are seeking an experienced Web Application Firewall (WAF) SME Consultant to join a high-priority program within a Tier One Bank focused on strengthening the security of its applications and infrastructure. In this role, you will provide expert-level guidance on WAF implementation, configuration, and management, collaborating closely with cybersecurity, network, and application teams to develop and enforce robust security measures that protect critical financial applications.

    • WAF Strategy and Implementation: Design, configure, and implement WAF solutions to protect web applications across the bank's infrastructure. Provide expertise on best practices, security policies, and rule management.

    • Threat Mitigation: Analyse and mitigate web-based threats by implementing and fine-tuning WAF rules to prevent application layer attacks, including SQL injection, cross-site scripting (XSS), and other OWASP Top 10 vulnerabilities.

    • Security Assessment and Optimisation: Conduct WAF security assessments and optimise configurations to reduce false positives and maintain optimal application performance without compromising security.

    • Collaboration with IT and Security Teams: Work closely with the cybersecurity, application, and network teams to align WAF solutions with broader security strategies. Ensure WAF integrations meet business requirements and regulatory standards.

    • Incident Response and Troubleshooting: Assist with incident response for WAF-related events, supporting the analysis and resolution of security incidents. Provide subject matter expertise during investigations.

    • Documentation and Training: Create and maintain comprehensive documentation for WAF configurations, policies, and processes. Deliver training and knowledge transfer to internal teams to ensure effective WAF management post-implementation.

    • Continuous Improvement: Stay up-to-date with the latest in WAF technology and web security threats, recommending enhancements and proactive measures to maintain a resilient WAF environment.

    • Proven experience in implementing and managing Web Application Firewalls (WAF) within a large enterprise environment, ideally within financial services.

    • Deep understanding of WAF technology, including leading platforms such as F5, Akamai, Imperva, or Cloudflare.

    • Strong knowledge of common web vulnerabilities and attack vectors (e.g. SQLi, XSS, CSRF) and how to protect against them using WAF policies and rules.

    • Experience working within complex network architectures, with a strong grasp of network security, firewalls, and load balancers.

    • Familiarity with security standards and regulatory compliance frameworks relevant to banking and financial services (e.g. PCI DSS, GDPR).

    • Excellent troubleshooting skills, with experience supporting WAF configurations and incident response efforts.

    • Strong communication skills, with the ability to work collaboratively across technical and business teams.

    Preferred Skills:

    • Certifications in WAF technologies or related cybersecurity credentials (e.g. CEH, CISSP, GIAC).

    • Scripting and automation skills (e.g. Python, Shell) to support WAF configuration and rule automation.

    • Experience with DevSecOps practices and tools, particularly in environments with CI/CD pipelines.

    To arrange an immediate interview, please contact Philip Fanthom today.

We endeavour to process your personal data in a fair and transparent manner. In applying for this role, Talent Smart will be acting in your best interest and may contact you in relation to the role, either by email, phone or text message. For more information see our Privacy Policy on our website. It is important you are aware of your individual rights and the provisions the company has put in place to protect your data. If you would like further information on the policy or GDPR please contact us. Talent Smart are an Employment Business and an Employment Agency as defined within The Conduct of Employment Agencies & Employment Businesses Regulations 2003.

 