
WAF Engineer

Stealth AI Startup

2 - 5 years

Hyderabad

Posted: 07/03/2026


Job Description

Job Title: WAF Engineer / Specialist

Role: L2 & L3

Experience: 5-10 years (WAF-focused security experience)

Location: Work from office @ Hyderabad


Role Summary:

WAF Engineer will be responsible for designing, implementing, operating, and optimizing advanced Web Application Firewall capabilities to protect web applications, APIs, and digital platforms from sophisticated Layer-7 attacks. The role requires strong hands-on expertise across F5 WAF, Haltdos WAF and Barracuda WAF with exposure to MSSP / CDC / SOC environments.


Key Responsibilities:


  • Advanced WAF Implementation & Design:
      • Design and deploy enterprise-grade WAF architectures using F5 Advanced WAF, Haltdos and Barracuda WAF.
      • Implement positive and negative security models, including learning-based and signature-based policies.
      • Enable and manage API security protections for REST/JSON and XML-based services.


  • Advanced Security Controls:
      • Implement and tune protections for:
          • OWASP Top 10 (SQLi, XSS, CSRF, RCE, SSRF, etc.)
          • Layer-7 DDoS attacks (HTTP floods, slow-rate attacks, application abuse)
          • Bot mitigation (good bots vs malicious bots, credential stuffing, scraping, brute force)
          • Geo-fencing / Geo-blocking based on country, region, and IP reputation
          • IP reputation, threat intelligence feeds, and blacklist/whitelist controls
      • Configure rate limiting, anomaly detection, behavioral analysis, and challenge mechanisms (CAPTCHA, JS challenge, fingerprinting).


  • WAF Operations & Optimization:
      • Perform continuous policy tuning and false-positive reduction without impacting application availability.
      • Monitor WAF alerts, attack logs, and dashboards to identify attack trends and anomalies.
      • Manage signature updates, attack pattern updates, and rule lifecycle.
      • Conduct WAF health checks, performance tuning, and capacity planning.


  • Incident Response & SOC Integration:
      • Act as L3 escalation point for WAF-related incidents and outages.
      • Support real-time mitigation of active web attacks in coordination with SOC teams.
      • Integrate WAF logs and alerts with SIEM / SOAR platforms for correlation and automated response.


  • Compliance, Risk & Governance:
      • Support compliance and regulatory requirements such as RBI, PCI DSS, ISO 27001, SEBI, etc.
      • Assist with audit evidence, security assessments, and customer risk reviews.
      • Provide recommendations to strengthen application security posture.



Required Skills & Expertise


  • Strong hands-on expertise in F5 Advanced WAF (ASM/Advanced WAF).
  • Practical experience with Haltdos WAF and Barracuda WAF.


Deep understanding of:

  • OWASP Top 10 & OWASP API Security Top 10
  • Layer-7 DDoS attack patterns and mitigations
  • Bot management and behavioral detection
  • HTTP/HTTPS, TLS, REST APIs, WebSockets


Experience integrating WAF with load balancers, CDNs, and cloud-native services (AWS, Azure).
