*Must work a hybrid schedule (3 days onsite) out of our Atlanta, DC, or Silver Spring office.*
The WAF Perimeter Security Engineer is a critical technical role responsible for securing WBD’s global edge infrastructure through advanced WAF and DDoS protections. This candidate will be considered a hands-on expert in WAF security, with proficient experience in traffic analysis, rule customization, and threat mitigation. Ideal candidates will have the following expectations: proactively design and tune WAF policies to defend against evolving threats, collaborate with product and engineering teams to embed security into edge services and APIs, and respond to real-time attacks with precision and agility. This role requires a strong understanding of web application architectures, application behavior, and the threat landscape, along with the ability to translate complex security requirements into scalable, effective solutions.
Overview
As a WAF Perimeter Security Engineer, the ideal candidate is expected to:
- Implement, configure, and maintain enterprise-grade WAF and DDoS protections across a large portfolio of properties.
- Develop and fine-tune custom firewall rules, bot mitigation controls, and DDoS mitigation security policies.
- Perform log analysis to identify malicious traffic patterns, false positives, and opportunities for tuning.
- Contribute to automation efforts (infrastructure as code, CI/CD integrations, scripts) to deploy and maintain security configurations.
- Identify security vulnerabilities and guide developers and engineers in addressing these issues
- Participate in on-call rotation as a subject matter expert for WAF/DDoS incident response.
- Partner with product, engineering, and operations teams to integrate WAF/Edge security controls into applications and services.
- Research and stay current on the latest attack vectors, vulnerabilities, and exploits affecting web and API applications.
- Recommend and implement improvements to strengthen defenses across the edge/perimeter layer.
Qualifications & Experiences:
- 3+ years of experience working with, configuring, and maintaining web application firewalls (WAF), including troubleshooting, rule development and deployment.
- Knowledge of web application attack techniques and common vulnerabilities (i.e. OWASP Top 10).
- Detailed understanding of the threats faced directly to consumer and digital platform organizations.
- Proven expertise with at least one major WAF platform (Akamai, Fastly NGWAF, AWS WAF, Azure, or similar).
- Familiarity with log analysis tools, scripting (Python, Bash, PowerShell), and automation frameworks.
- Proven hands-on experience engineering across one of the various Cloud Providers (AWS, GCP, Azure).
- Strong problem-solving skills with the ability to quickly analyze issues and implement effective mitigations.
- Excellent collaboration and communication skills across security, engineering, and product teams.
Not Required but preferred experience:
- Security certifications - CISSP, CISM, CISA, SANS, etc. Is a plus.
- Amazon certifications – Solutions Architecture Associate, Cloud Partitioner.
- Experience with infrastructure-as-code (Terraform, CloudFormation) for WAF/DDoS deployment.
- Familiarity with CDN integrations and API Security frameworks.
- Exposure to DDoS mitigation at scale, including volumetric and application-layer attacks.