WAF Engineer / Specialist
ThinkWise Consulting LLP
2 - 5 years
Hyderabad
Posted: 12/02/2026
Job Description
Role - WAF Engineer / Specialist
Location - Hyderabad
Work From Office
Required Skills & Expertise
Strong hands-on expertise in F5 Advanced WAF (ASM/Advanced WAF).
Practical experience with Haltdos WAF and Barracuda WAF.
Deep understanding of:
- OWASP Top 10 & OWASP API Security Top 10
- Layer-7 DDoS attack patterns and mitigations
- Bot management and behavioral detection
- HTTP/HTTPS, TLS, REST APIs, WebSockets
Experience integrating WAF with load balancers, CDNs, and cloud-native services (AWS, Azure).
Role Summary:
The WAF Engineer will be responsible for designing, implementing, operating, and optimizing advanced Web Application Firewall capabilities to protect web applications, APIs, and digital platforms from sophisticated Layer-7 attacks. The role requires strong hands-on expertise across F5 WAF, Haltdos WAF and Barracuda WAF, with exposure to MSSP / CDC / SOC environments.
Key Responsibilities:
Advanced WAF Implementation & Design:
- Design and deploy enterprise-grade WAF architectures using F5 Advanced WAF, Haltdos and Barracuda WAF.
- Implement positive and negative security models, including learning-based and signature-based policies.
- Enable and manage API security protections for REST/JSON and XML-based services.
Advanced Security Controls:
Implement and tune protections for:
- OWASP Top 10 (SQLi, XSS, CSRF, RCE, SSRF, etc.)
- Layer-7 DDoS attacks (HTTP floods, slow-rate attacks, application abuse)
- Bot mitigation (good bots vs malicious bots, credential stuffing, scraping, brute force)
- Geo-fencing / Geo-blocking based on country, region, and IP reputation
- IP reputation, threat intelligence feeds, and blacklist/whitelist controls
- Configure rate limiting, anomaly detection, behavioral analysis, and challenge mechanisms (CAPTCHA, JS challenge, fingerprinting).
WAF Operations & Optimization:
- Perform continuous policy tuning and false-positive reduction without impacting application availability.
- Monitor WAF alerts, attack logs, and dashboards to identify attack trends and anomalies.
- Manage signature updates, attack pattern updates, and rule lifecycle.
- Conduct WAF health checks, performance tuning, and capacity planning.
Incident Response & SOC Integration:
- Act as L3 escalation point for WAF-related incidents and outages.
- Support real-time mitigation of active web attacks in coordination with SOC teams.
- Integrate WAF logs and alerts with SIEM / SOAR platforms for correlation and automated response.
