​Key Responsibilities

• Identification and crafting of complex custom WAF rules & features to mitigate MVP and security posture gaps

• Crafting efficacy testing for baseline & custom rules and features and integrating testing in the automation pipelines

• Providing SME support for other security testing such as WAF PoCs, new features and solutions – with a potential cost saving if we use in-house resource instead of 3rd party vendors

• Providing WAF focused SME support and advice on Web & API based attack methodologies, evasions and mitigation techniques

• Providing DevSecOps SME & pipeline build support for the automation works

• Monitor and review all tuning requests.

• Conduct detailed log analysis to identify false positives and optimize WAF rules for improved accuracy and performance.

• Create and maintain comprehensive documentation for WAF tuning, tuning procedures, policies, and configurations.

• Develop, test, and recommend WAF policies and rules tailored to specific applications and environments.

• Proactively assist with identifying false positives

• Collaborate with cross-functional teams to ensure seamless integration of WAF solutions into existing security infrastructure.

• Provide recommendations for WAF configuration based on best practices and security requirements.

• Perform regular assessments and audits of WAF configurations to ensure optimal security posture and compliance with industry standards.

• Stay updated with the latest web security threats, vulnerabilities, and trends to continually enhance WAF effectiveness.