Login Sign Up

WAF Security Engineer L2

Sattrix Information Security

2 - 5 years

Mumbai

Posted: 17/05/2026

Getting a referral is 5x more effective than applying directly

Job Description

WAF Security Engineer (L2)

Experience: 36 years in WAF / Application Security / Network Security roles.

Location: Mumbai (Goregaon East), Chennai (Siruseri IT Park)

Budget: 15-18 LPA

Shifts: ROTATIONAL SHIFTS (24*7 support)


Role Overview

The WAF Security Engineer (L2) will be responsible for advanced troubleshooting, policy tuning, attack analysis, and optimization of Web Application Firewall deployments protecting critical digital payment and financial applications.


Key Responsibilities


WAF Troubleshooting & Optimization

Perform advanced troubleshooting of application access issues and WAF false positives.

Tune WAF policies to reduce false positives while maintaining security.

Analyze HTTP transactions and request flows to identify security issues.

Troubleshoot 502, 503, upstream connectivity, and reverse proxy related issues.


Security Analysis

Analyze WAF attack logs and traffic patterns to identify malicious activity.

Investigate OWASP Top 10 attacks, bot traffic, and application layer DDoS attempts.

Perform rule tuning and custom signature development.


Deployment & Configuration

Deploy and manage WAF policies across environments.

Manage and support containerized WAF deployments.


Log Analytics

Build dashboards and analytics using ELK/SIEM tools.

Perform deep packet and request analysis when required.


Automation

Develop automation scripts for WAF log parsing, rule management, and operational tasks.

Support DevSecOps integration for WAF policy deployment pipelines.


Incident Response

Lead investigation for WAF-related security incidents.

Provide root cause analysis and remediation recommendations.


Required Skills

Core Security Knowledge

Strong understanding of OWASP Top 10 & Web Application Security

Strong understanding of HTTP, HTTPS, TLS, and TCP/IP


WAF Platforms

Hands-on experience in one or more:

Akamai WAF

NGINX App Protect

F5 ASM

VMWare NSx AVi


Troubleshooting Skills

HTTP request analysis

Application access troubleshooting

WAF false positive analysis


Tools & Technologies

Hands experience with Linux OS

ELK Stack / SIEM

Packet analysis (tcpdump / Wireshark)

Basic scripting (Python / Bash)


Nice to Have

Experience with NGINX / Load Balancers

Understanding of DevOps / Containers / Kubernetes

Experience with API security


Email - kirti.rustagi@raspl.com

Services you might be interested in

We Search & Apply Jobs for You!

Our team scans through 1000s of opportunities and applies to roles best suited to your profile

Save 100+ hours and focus on what matters - cracking interviews and landing offers.

getmereferred logo Know more