Web App Firewall Security Engineer

Role Overview

• Serve as subject matter expert for enterprise WAF platforms, with primary ownership of Akamai and operational support for Imperva and AWS WAF
• Design, deploy, configure, and manage WAF policies protecting web applications and APIs
• Tune and optimize security rules to balance threat prevention, performance, and revenue protection
• Configure and maintain Akamai security capabilities including Bot Manager, Rate Control, Client Reputation, API Security, and related protections
• Monitor and analyze security events, attack traffic, bot activity, and abuse patterns including OWASP Top 10 threats and DDoS attempts
• Perform ongoing rule reviews, policy optimization, and false positive reduction
• Support production change management processes and ensure stability when implementing WAF updates
• Participate in incident response activities related to web-layer and edge-based threats
• Develop and report on WAF effectiveness metrics including block accuracy, false positive rate, and attack trends
• Maintain documentation of configurations, procedures, and operational standards
• Partner with Application Security Team to validate exploitability of identified vulnerabilities
• Support secure deployment practices and CI/CD security integrations
• Assist development teams in understanding web-layer threats and mitigation strategies
• Develop lightweight automation scripts to improve monitoring, validation, and reporting processes
• Stay current with emerging web threats and platform updates

Requirements

• Bachelor’s Degree in computer science, Management Information Systems, or equivalent experience.
• 3–5+ years of hands-on experience operating and tuning Web Application Firewalls in enterprise or high-traffic environments
• Strong hands-on experience with Akamai security products required
• Strong understanding of web application security concepts and OWASP Top 10
• Knowledge of HTTP, HTTPS, TLS, DNS, CDN architectures, and cloud-based environments
• Experience analyzing security logs, traffic patterns, and attack behavior
• Demonstrated ability to tune WAF policies and reduce false positives without disrupting production traffic
• Experience supporting structured production change management processes
• Basic scripting or automation experience such as Python, Bash, or REST APIs
• Strong troubleshooting, analytical, and problem-solving skills
• Preferred: Experience with Imperva and/or AWS WAF
• Experience supporting high-volume ecommerce or retail environments
• Familiarity with PCI security requirements
• Experience working with distributed development and DevOps teams

Tech Stack

• AWS
• Cloud
• DNS
• Firewalls
• Python

Benefits

• Competitive healthcare, dental & vision insurance
• 401(k) matching after one year of employment
• Generous time off + company holidays
• Merchandise discount
• Learning & Development programs
• Much more!