Job Description & How to Apply Below
Role - WAF Engineer / Specialist
Location - Hyderabad
Work From Office
Required Skills & Expertise
Strong hands-on expertise in F5 Advanced WAF (ASM/Advanced WAF).
Practical experience with Haltdos WAF and Barracuda WAF.
Deep understanding of:
OWASP Top 10 & OWASP API Security Top 10
Layer-7 DDoS attack patterns and mitigations
Bot management and behavioral detection
HTTP/HTTPS, TLS, REST APIs, Web Sockets
Experience integrating WAF with load balancers, CDNs, and cloud-native services (AWS,
Azure).
Role
Summary:
WAF Engineer will be responsible for designing, implementing, operating, and optimizing
advanced Web Application Firewall capabilities to protect web applications, APIs, and digital
platforms from sophisticated Layer-7 attacks. The role requires strong hands-on expertise
across F5 WAF, Haltdos WAF and Barracuda WAF with exposure to MSSP / CDC / SOC
environments.
Key Responsibilities:
Advanced WAF Implementation & Design:
Design and deploy enterprise-grade WAF architectures using F5 Advanced WAF, Haltdos and Barracuda WAF.
Implement positive and negative security models, including learning-based and signature-based policies.
Enable and manage API security protections for REST/JSON and XML-based services.
Advanced Security Controls:
Implement and tune protections for:
OWASP Top 10 (SQLi, XSS, CSRF, RCE, SSRF, etc.)
Layer-7 DDoS attacks (HTTP floods, slow-rate attacks, application abuse)
Bot mitigation (good bots vs malicious bots, credential stuffing, scraping, brute force)
Geo-fencing / Geo-blocking based on country, region, and IP reputation
IP reputation, threat intelligence feeds, and blacklist/whitelist controls
Configure rate limiting, anomaly detection, behavioral analysis, and challenge mechanisms (CAPTCHA, JS challenge, fingerprinting).
WAF Operations & Optimization:
Perform continuous policy tuning and false-positive reduction without impacting application availability.
Monitor WAF alerts, attack logs, and dashboards to identify attack trends and anomalies.
Manage signature updates, attack pattern updates, and rule lifecycle.
Conduct WAF health checks, performance tuning, and capacity planning.
Incident Response & SOC Integration:
Act as L3 escalation point for WAF-related incidents and outages.
Support real-time mitigation of active web attacks in coordination with SOC teams.
Integrate WAF logs and alerts with SIEM / SOAR platforms for correlation and automated response.
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here:
×