
Application Security Engineer – WAF Focus
North
full-time
Location Type: Remote
Location: United States
Salary
💰 $110,000 - $140,000 per year
About the role
- Design, deploy, and manage WAF solutions for on-premise and cloud-based platforms.
- Develop and fine-tune WAF policies, rules, and signatures to mitigate known threats and application abuses as well as emerging threats.
- Lead incident response efforts for web application and network attacks, including root cause analysis and remediation.
- Monitor and analyze inbound web traffic to identify and respond to suspicious activities, ensuring real-time threat mitigation.
- Collaborate with cross-functional teams to integrate WAF solutions into CI/CD pipelines and application architectures and focus on maturing WAF protections.
- Maintain and optimize WAF configurations to balance security, performance, and user experience and enable process optimization and automation.
- Be involved in regular security assessments, vulnerability scans, and penetration testing to identify gaps in WAF protection.
- Maintain a close working relationship with the Application Development team to ensure optimal protections are used for all new application releases.
- Ensure adequate testing and validation have been performed for all protections and mitigations before rollout.
- Mentor team members and provide guidance on WAF best practices and troubleshooting.
- Stay current with emerging threats, vulnerabilities, and industry best practices to enhance WAF strategies.
- Document WAF infrastructure, create and maintain design diagrams, configurations, policies, and incident reports to ensure compliance with regulatory requirements.
- Ensure an always-on application delivery model by providing quick response and reaction to incidents and critical activities when needed.
- Participate in on-call rotations to support 24/7 operations as needed.
- Ensure application security practices and solution operations align with regulatory standards such as PCI-DSS and NIST.
Requirements
- Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or relevant equivalent experience.
- 5+ years of experience in cybersecurity with a focus on Web Application Firewalls.
- 3+ years of hands-on experience managing both on-premise WAF solutions and cloud-based WAF platforms.
- Experience with application security testing, application security abuse cases, emerging threats, and the particularities of threats against payment and financial applications.
- Experience with data analysis and SIEM tools (e.g., Grafana/OpenSearch/CS NextGen SIEM) for log analysis and monitoring.
- Experience with cloud platforms (AWS, Azure, GCP) and their native security tools.
- Deep knowledge of web application vulnerabilities and mitigation techniques.
- Strong networking fundamentals and familiarity with network protocols (HTTP/HTTPS, TCP/IP, DNS) and web technologies (HTML, JavaScript, APIs).
- Comfortable with using terminals, scripting and automation for WAF automation use-cases.
- Familiarity with DevOps tools (e.g., Docker, Kubernetes, Terraform, git) and CI/CD pipelines.
Benefits
- Medical, Dental, & Vision Coverage
- Flexible Paid Time Off
- 401(k) + Match
- Mental Health Support & Well-Being Program
- Paid Maternity & Paternity Leave
- Education Assistance
- Company-funded Lifestyle Spending Account
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Web Application Firewalls (WAF), application security testing, vulnerability scanning, penetration testing, data analysis, network protocols (HTTP, HTTPS, TCP/IP, DNS), web technologies (HTML, JavaScript, APIs), scripting, automation, cloud security
Soft Skills
incident response, root cause analysis, mentoring, collaboration, communication, problem-solving, guidance, process optimization, real-time threat mitigation, adaptability
Certifications
Bachelor’s degree in Computer Science, Bachelor’s degree in Information Security, Bachelor’s degree in Cybersecurity