Security Architect - L1

The Web Application Firewall (WAF) Security Engineer is a critical role within our Network Security Team team, focusing on protecting internet-facing applications through the implementation and management of WAF solutions. This role is ideal for individuals with strong WAF experience and a proven track record in security policy development and infrastructure as code (IaC) automation

Key Responsibilities:

• Design, implement, and manage WAF security policies, with a primary focus on Cloudflare, to protect internet-facing applications.
• Continuously refine and improve WAF rules and policies, standardizing operational practices and creating detailed documentation.
• Provide L3 level support for operational issues, troubleshoot and resolve complex problems.
• Employ infrastructure-as-code (IaC) tooling, particularly Terraform, to automate the provisioning and management of configurations.
• Conduct in-depth analyses of web traffic patterns and security logs to identify and mitigate potential threats.
• Collaborate with application teams to ensure WAF policies align with security requirements and best practices.
• Stay current with emerging web application threats and adjust WAF policies accordingly.

Qualifications:

• At least 5 years of hands-on experience in Web Application Security, with a significant focus on security policy management.
• Extensive experience with Cloudflare WAF, including writing and tuning security policies.

• Experience with Custom WAF rules such as Firewall Rules, Rate Limiting, Bot Management, Managed Rules.Deeper understanding of performance considerations for an internet facing site such as latency, caching strategies, HTTP/2, and TLS 1.3.

• Strong knowledge of web application security concepts, common vulnerabilities (e.g., OWASP Top 10), and attack vectors (DDoS).
• Hands-on experience with infrastructure-as-code, particularly Terraform.
• Experience with log / data analysis and SIEM tools (e.g., Splunk).
• Proficiency in at least one scripting or programming language (e.g., Python, Bash) for automation tasks.
• Experience with public cloud providers (AWS, Azure, or GCP) and their native security services.
• Familiarity with CI/CD pipelines and version control systems (e.g., Git).
• Understanding of network protocols and web technologies (HTTP/HTTPS, SSL/TLS, DNS).

Soft Skills:

• Excellent communication skills, with the ability to explain complex security concepts to both technical and non-technical stakeholders.
• Strong analytical and problem-solving skills, with attention to detail in policy writing and configuration.
• Ability to work independently and as part of a team in a fast-paced environment.
• Proactive approach to identifying and mitigating security risks.
• Adaptability and continuous learning to keep up with evolving threats and technologies.
• Experience in managing stakeholder expectations and collaborating with cross-functional teams.
• Ability to prioritize tasks effectively and manage multiple projects simultaneously.