Zelis

WAF Engineer

full-time

Location Type: Hybrid

Location: Hyderabad, India

About the role

  • Design, implement, and manage WAF policies for web applications and APIs across environments (dev/stage/prod)
  • Configure and tune managed rules and custom rules to mitigate OWASP Top 10 (SQLi, XSS, CSRF, RCE, LFI/RFI, SSRF, etc.)
  • Perform rule tuning and false-positive reduction using traffic baselining, exception handling, and staged enforcement (monitor → challenge → block)
  • Implement rate limiting, IP reputation, geo/ASN controls, and bot mitigation strategies to reduce abuse and credential stuffing
  • Integrate WAF logs with SIEM/log platforms (Splunk, Sentinel, ELK, QRadar) and build dashboards/alerts for threat monitoring
  • Support incident response for active attacks (L7 DDoS, exploit attempts), including rapid mitigation and post-incident improvements
  • Automate deployments using IaC (Terraform/CloudFormation/ARM/Bicep) and integrate with CI/CD pipelines
  • Conduct periodic security reviews, reporting, and metrics tracking (blocked events, top attacks, FP rate, MTTR)
  • Collaborate with app teams on secure configuration (headers, TLS, authentication flows) and compatibility testing

Requirements

  • 5+ years of experience in WAF engineering / application security / edge security
  • Hands-on experience with at least one WAF platform: AWS WAF, Azure WAF, Cloudflare, F5 ASM/Advanced WAF, Imperva, Akamai, ModSecurity (any one or more)
  • Strong understanding of HTTP/HTTPS, web app architecture, REST APIs, and common attack patterns
  • Proven experience tuning WAF rules and balancing security vs. false positives
  • Experience with logging/monitoring and SIEM integrations
  • Scripting/automation skills: PowerShell/Python/Bash (plus regex and JSON/YAML)
  • Familiarity with CI/CD and Infrastructure-as-Code principles
  • Good troubleshooting and stakeholder communication skills

Benefits

  • Hybrid work flexibility
  • Comprehensive healthcare benefits
  • Financial wellness programs
  • Cultural celebrations