Web Application Firewall (WAF) Engineer

Company: CDK Global
Apply for the Web Application Firewall (WAF) Engineer
Location: Hyderabad
Job Description:

Position Summar

y

The Web Application Firewall (WAF) Engineer is a specialized security engineering role responsible for designing, implementing, and operating web application protection controls across CDK’s cloud and on‑premises environments. This role focuses on safeguarding customer and internet facing web applications from modern threats such as OWASP Top 10 risks, bot abuse, and API attacks. The WAF Engineer partners with Application, Cloud, and Infrastructure teams to embed scalable, resilient, and automated web security controls aligned with zero trust and enterprise risk management objectives.

Responsibilities

·         Design, deploy, and manage Web Application Firewall (WAF) solutions protecting internet-facing web applications

·         Configure, tune, and maintain WAF policies to mitigate OWASP Top 10 vulnerabilities, bot attacks, and application-layer threats

·         Operate WAF platforms across cloud and hybrid environments, including integration with CDNs, load balancers, and ingress services

·         Partner with Application and DevOps teams to embed WAF controls into CI/CD pipelines and application delivery workflow

·         Analyze WAF alerts and logs to identify attack patterns, reduce false positives, and improve detection efficacy

·         Support API security use cases including rate limiting, schema validation, and abuse prevention

·         Implement WAF rule lifecycle management processes including testing, promotion, and rollback

·         Drive automation of WAF configuration and deployment using infrastructure as code and APIs

·         Participate in incident response related to web application attacks, including containment and root cause analysis

·         Document WAF standards, reference architectures, and operational procedures

Qualifications

·         Bachelor’s Degree in Computer Science, Information Security, or equivalent combination of education and relevant experience

·         5+ years of experience in application or network security engineering roles

·         Hands-on experience operating Web Application Firewalls in enterprise or SaaS environments

·         Experience mitigating OWASP Top 10 vulnerabilities and application-layer threats

·         Working knowledge of cloud platforms (AWS, Azure, or GCP) and cloud-native application delivery services

·         Ability to analyze security logs, tune detection logic, and balance security controls with application availability

·         Strong collaboration skills and experience working with development and platform teams

Preferred Qualifications

·         Experience with leading WAF platforms such as Cloudflare, Akamai, AWS WAF, Azure WAF, F5, or similar technologies

·         Background securing APIs and microservices architectures, including API gateways and service meshes

·         Experience integrating WAF controls into DevSecOps and CI/CD pipelines

·         Knowledge of bot management, DDoS mitigation, and edge security services

·         Experience supporting compliance-driven environments and participating in security assessments

·         Relevant certifications such as GWAPT, CSSLP, CISSP, or vendor-specific WAF and cloud security certifications

 

Posted: March 14th, 2026

Similar Jobs: