Symplr is seeking a Senior Web Application Firewall (WAF) Engineer responsible for designing, deploying, and managing enterprise-grade WAF solutions. The role involves collaborating with cross-functional teams to enhance security measures and protect applications from emerging threats.
Responsibilities:
- Drive enterprise standard WAF solution (i.e., Cloudflare-first) security strategy and champion best practices across engineering and product teams
- Design, engineer, and maintain Web Application Firewall solutions to protect enterprise applications
- Develop and enforce WAF policies that align with organizational security standards, ensuring optimal security posture and minimal false positives
- Develop advanced alerts, dashboards, and reports to meet stakeholder requirements
- Automate WAF management tasks and integrate workflows with other security tools
- Collaborate with Information Security, Product, Engineering, and DevOps teams to define and implement security use cases
- Create and fine-tune WAF rules/signatures to mitigate emerging threats and vulnerabilities
- Monitor performance metrics and risk indicators to ensure continuous improvement
- Act as the primary liaison with WAF vendors for escalations, feature enhancements, and roadmap alignment
- Support incident response activities related to web application security threats
Requirements:
- University degree in Information Security, Computer Science, Computer Engineering, Information Technology (or equivalent of education and work experience)
- Minimum of 4-5 years of relevant corporate information security industry experience
- One or more of the following certifications: CISSP, CSSLP, CISM, CCSP
- Knowledge of cybersecurity frameworks and relevant regulatory requirements
- Proven technical experience in enterprise WAF configuration and management
- Technical understanding of systems, applications, and databases
- Technical expertise in cloud infrastructure and services platforms (AWS and Azure preferred)
- Excellent communication skills at all organizational levels
- Strong project management and time management skills
- High level of personal integrity and ability to professionally handle confidential matters
- Capable of acting calmly and managing incidents under high pressure and stress
- Capable of multitasking in a fast-paced, multifaceted environment
- Ability to work well with customers, peers, and management
- Proficient with the Microsoft Office Suite, Visio, and SharePoint
- Technical experience in OWASP web application and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks
- Solid understanding of web applications, web servers, application firewalls, and protocols with respect to web application development, deployment, and operation
- Deep experience with Cloudflare WAF, including advanced rule creation, custom policies, and performance tuning
- Experience with Cloudflare's security ecosystem (e.g., CDN, DDoS protection, bot management, API security)
- Ability to leverage Cloudflare analytics and dashboards for proactive threat detection and reporting
- Expertise in Cloudflare API integration for automation and advanced configuration
- Strong understanding and experience in Barracuda and AWS WAF platforms for enterprise security deployments
- Strong understanding of AWS technologies, including networking and security services
- Strong understanding of web application architecture, protocols, and security principles
- Experience with scripting languages such as Python, PowerShell, or Perl for automation
- Knowledge of OWASP Top 10 vulnerabilities and mitigation strategies
- Understanding of PKI, SSL/TLS, and secure communication protocols
- Ability to analyze and respond to complex security incidents involving web applications
- Understanding of TCP/IP, web protocols and networking concepts
- Understanding of incident response processes
- Bachelor's degree in Information Security, Computer Science, Computer Engineering, Information Technology (or equivalent of education and work experience)
- 5+ years of relevant corporate information security industry experience
- Proven technical experience in Cloudflare WAF configuration and management
- AWS Cloud Security and/or Microsoft Azure Security certifications are a plus
- Familiarity with DevOps toolchain (e.g. Terraform, Jenkins)
- Familiarity with cloud security, including but not limited to CSPM, CASB, DLP, IAM, and vulnerability management
- Familiarity with technical skills in enterprise security and networking protocols
- Demonstrated experience and knowledge of relevant regulatory and security framework requirements, such as the U.S. Health Insurance Portability and Accountability Act (HIPAA), NIST 800, and ISO/IEC 27001/27002
- Previous working experience in healthcare technology environments