Web Application Firewall Specialist

Experience: 5–10 years
Location: Hyderabad
Mode of work: Work from office

Role Summary:

WAF Engineer will be responsible for designing, implementing, operating, and optimizing advanced Web Application Firewall capabilities to protect web applications, APIs, and digital platforms from sophisticated Layer-7 attacks. The role requires strong hands-on expertise across F5 WAF, Haltdos WAF and Barracuda WAF with exposure to MSSP / CDC / SOC environments.

Key Responsibilities:

Advanced WAF Implementation & Design:

• Design and deploy enterprise-grade WAF architectures using F5 Advanced WAF, Haltdos and Barracuda WAF.
• Implement positive and negative security models, including learning-based and signature-based policies.
• Enable and manage API security protections for REST/JSON and XML-based services.

Advanced Security Controls:

• Implement and tune protections for:
• OWASP Top 10 (SQLi, XSS, CSRF, RCE, SSRF, etc.)
• Layer-7 DDoS attacks (HTTP floods, slow-rate attacks, application abuse)
• Bot mitigation (good bots vs malicious bots, credential stuffing, scraping, brute force)
• Geo-fencing / Geo-blocking based on country, region, and IP reputation
• IP reputation, threat intelligence feeds, and blacklist/whitelist controls
• Configure rate limiting, anomaly detection, behavioral analysis, and challenge mechanisms (CAPTCHA, JS challenge, fingerprinting).

WAF Operations & Optimization:

• Perform continuous policy tuning and false-positive reduction without impacting application availability.
• Monitor WAF alerts, attack logs, and dashboards to identify attack trends and anomalies.
• Manage signature updates, attack pattern updates, and rule lifecycle.
• Conduct WAF health checks, performance tuning, and capacity planning.

Incident Response & SOC Integration:

• Act as L3 escalation point for WAF-related incidents and outages.
• Support real-time mitigation of active web attacks in coordination with SOC teams.
• Integrate WAF logs and alerts with SIEM / SOAR platforms for correlation and automated response.

Compliance, Risk & Governance:

• Support compliance and regulatory requirements such as RBI, PCI DSS, ISO 27001, SEBI, etc.
• Assist with audit evidence, security assessments, and customer risk reviews.
• Provide recommendations to strengthen application security posture.

Required Skills & Expertise

• Strong hands-on expertise in F5 Advanced WAF (ASM/Advanced WAF).
• Practical experience with Haltdos WAF and Barracuda WAF.

Deep understanding of:

• OWASP Top 10 & OWASP API Security Top 10
• Layer-7 DDoS attack patterns and mitigations
• Bot management and behavioral detection
• HTTP/HTTPS, TLS, REST APIs, WebSockets
• Experience integrating WAF with load balancers, CDNs, and cloud-native services (AWS, Azure).