WAF & Network Security Engineer

Role Overview

You will create, deploy, maintain, and troubleshoot WAF policies across F5 ASM and cloud platforms (Azure / AWS), acting as the organisation's primary defence against web-based threats. Working closely with development and security teams, you will design protective controls tailored to specific applications, reduce false positives, and continuously mature the organisation's protection posture.

Key Responsibilities

WAF & Application Security

• Configure and manage F5 ASM and cloud WAF policies (Azure / AWS) for new and existing web applications

• Review vulnerability findings and develop WAF virtual patching solutions to rapidly mitigate risk

• Monitor and analyse activity logs to detect malicious traffic and indicators of compromise

• Work with developers to implement protective controls customised for specific applications

• Interpret web protocol data to determine source, intent, and risk level of threat agents

• Review WAF usage and define improvements to mature protection policies

Vulnerability & Firewall Management

• Manage the end-to-end vulnerability lifecycle — assessment, reporting, and stakeholder remediation engagement

• Execute firewall change requests and resolve connectivity issues arising from firewall policies

• Provide preventative maintenance and rapid troubleshooting to ensure infrastructure and application stability

• Apply understanding of routing, NAT, ARP, and tools such as tcpdump to trace and resolve data-flow issues

• Review vulnerability scan output and assess where WAF configuration can be used to mitigate attacks

Operations & Reporting

• Utilise SIEM platforms to create custom security reports and operational dashboards

• Prepare regular reports including monthly firewall / WAF log reviews and rules reviews

• Participate in technical design activities to identify infrastructure impact and ensure sound architecture

• Create and maintain technical documentation — network diagrams, policies, and operational procedures

Support daily security operations and assist in audit event collection and reporting

Required Experience & Skills

Network & Infrastructure Security

1. IPS, WAF, Load Balancers, Network Firewalls (e.g. Palo Alto)
2. Network security fundamentals and data flow technologies
3. Mainstream OS familiarity across a wide range of security tools
4. Understanding of routing, NAT, ARP, and packet analysis

Application & Cloud Security

1. Application security concepts and web application technologies
2. Security vulnerability scanning and assessment methodologies
3. Cloud security experience (Azure / AWS WAF configurations)
4. Full understanding of the application project lifecycle

SIEM & Audit

1. Proficiency in SIEM platforms with custom report / dashboard development
2. Experience with audit event collection and reporting toolsets
3. Vulnerability management processes and stakeholder engagement

Soft Skills

1. Proven analytical and problem-solving abilities
2. Self-motivated, detail-oriented, and collaborative team player
3. High integrity, strong communication skills, positive demeanour
4. Ability to research emerging IT security issues and products