Cloud RTB WAF Engineer

Job Title: Cloud RTB WAF Engineer Location: Hybrid – Sheffield (3 days/week Onsite) Duration: 6months+ 500GBP/Day Inside IR35 Summary: The Cloud RTB WAF Engineer will be working on the ECB Programme which aims to deploy WAF solutions on all Bank domain/names related to HBCE covering internet-facing and the internal web applications in order to meet the Bank’s regulatory requirement. The role is to work as part of the Run The Bank team where, using the Agile framework, you will work closely with Global Business Teams for Custom Rules and Exception handling, advise teams on False Positive analysis and Baseline policy updates. This role also requires maintaining communications / relationships with the Vendor teams when required as well as, the Bank Cloud Platform Leads. You will also be responsible for servicing existing and new requests for WAF, dealing with service issues and managing a number of requests at one time that will mean working closely with the Change Teams and other stakeholders to resolve any issues so that implementation can be as seamless as possible. DevSecOps support for maintaining automation pipeline and delivery works, identifying additional automation use cases for RTB to better streamline processes. They will form key relationships with senior stakeholders from the Business, Cloud Teams, Compliance and Cyber and will work closely with Project Managers; taking responsibility for early key risk identification, status reporting and escalation where required. Ideal Candidate: KEY: Someone that has extensive experience with Web Application Security log analysis and that is derived from a Cyber SOC/CSIRT work background who is willing to up-skill into a WAF Engineering SME across CN WAF (AWS, Azure, GCP, Modsec) and Multi-Vendor WAF products (F5, Akamai etc.) CORE SKILLS/TECHNICAL REQUIREMENT • Strong experience with multiple WAF solutions for edge, cloud, and on-premises • Strong experience with cloud services and their WAF controls, ideally including one or more of the following: AWS, Azure, and GCP • Strong understanding of Web Application security attack methods and mitigations • Proficiency in WAF tuning and configuration, coupled with a strong foundation in web security principles and practices. • Develop custom WAF rules and features, addressing gaps and enhancing overall security measures • Capability to design and implement bespoke WAF processes and documentation, underpinned by a thorough understanding of web application security. • Analytical skills to review and align platforms with MVP and Baseline Configurations, leveraging a deep knowledge of WAF functionalities and limitations. • Providing DevSecOps pipeline maintenance support for the automation works • Familiarity with IDAM protocols and access control measures for WAF management, informed by strong web security knowledge. • Understanding of HTTPS inspection, including Termination and Certificate management, grounded in robust web security practices. • Experience in rate limiting techniques and their integration into security configurations • Experience of version control and update mechanisms for WAF solutions • Competency in identifying and documenting platform and organizational logging options, with a focus on security implications and cloud environments. • Experience interfacing with SOC during WAF related security incidents • General connectivity / network issue management / service management experience OTHER SKILLS • Strong stakeholder management skills • Attention to detail in analysing large data sets • Excellent interpersonal skills with strong communication skills both written and verbally • Experience working in Agile, or knowledge of the key principles of the methodology • Previous experience working on either Information Security/Cyber Security/IT Security projects and Infrastructure projects would be desirable. Kind Regards -- Priyanka Sharma Senior Delivery Consultant Office: 02033759240 Email: psharma@vallumassociates.com