Senior Web Application Firewall (WAF) Engineer

ID: 2026-2161
Category: Information Security
Position Type: Regular Full-Time
Min: USD $130,000.00/Yr.
Max: USD $150,000.00/Yr.

Overview

The Senior Web Application Firewall (WAF) Engineer will be responsible for the design, deployment, and ongoing management of enterprise-grade WAF solutions. This role requires advanced technical expertise to safeguard web applications across diverse environments. The successful candidate will collaborate with cross-functional teams to implement robust security measures, optimize WAF configurations, and integrate these solutions with other security platforms. Comprehensive knowledge of Cloudflare WAF and other WAF technologies is essential for success in this role. The engineer also assists the security team in improving security measures, maintaining and enforcing security policies, and working with cross-functional teams to protect our applications and products from emerging security threats.

Duties & Responsibilities

  • Drive the security strategy for the enterprise-standard WAF solution (i.e., Cloudflare-first) and champion best practices across engineering and product teams.
  • Design, engineer, and maintain Web Application Firewall solutions to protect enterprise applications.
  • Develop and enforce WAF policies that align with organizational security standards, ensuring an optimal security posture and minimal false positives.
  • Develop advanced alerts, dashboards, and reports to meet stakeholder requirements.
  • Automate WAF management tasks and integrate workflows with other security tools.
  • Collaborate with Information Security, Product, Engineering, and DevOps teams to define and implement security use cases.
  • Create and fine-tune WAF rules/signatures to mitigate emerging threats and vulnerabilities.
  • Monitor performance metrics and risk indicators to ensure continuous improvement.
  • Act as the primary liaison with WAF vendors for escalations, feature enhancements, and roadmap alignment.
  • Support incident response activities related to web application security threats.

Skills Required

  • Technical experience in OWASP web application and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks.
  • Solid understanding of web applications, web servers, application firewalls, and protocols with respect to web application development, deployment, and operation.
  • Deep experience with Cloudflare WAF, including advanced rule creation, custom policies, and performance tuning.
  • Experience with Cloudflare’s security ecosystem (e.g., CDN, DDoS protection, bot management, API security).
  • Ability to leverage Cloudflare analytics and dashboards for proactive threat detection and reporting.
  • Expertise in Cloudflare API integration for automation and advanced configuration.
  • Strong understanding and experience in Barracuda and AWS WAF platforms for enterprise security deployments.
  • Strong understanding of AWS technologies, including networking and security services.
  • Strong understanding of web application architecture, protocols, and security principles.
  • Experience with scripting languages such as Python, PowerShell, or Perl for automation.
  • Knowledge of OWASP Top 10 vulnerabilities and mitigation strategies.
  • Understanding of PKI, SSL/TLS, and secure communication protocols.
  • Ability to analyze and respond to complex security incidents involving web applications.
  • Understanding of TCP/IP, web protocols and networking concepts.
  • Understanding of incident response processes.

Required Education, Experience, Skills and Abilities:

  • University degree in Information Security, Computer Science, Computer Engineering, Information Technology (or equivalent of education and work experience)
  • Minimum of 4-5 years of relevant corporate information security industry experience
  • Healthcare technology industry experience is a bonus
  • One or more of the following certifications: CISSP, CSSLP, CISM, CCSP
  • Knowledge of cybersecurity frameworks and relevant regulatory requirements
  • Proven technical experience in enterprise WAF configuration and management
  • Technical understanding of systems, applications, and databases
  • Technical expertise in cloud infrastructure and services platforms (AWS and Azure preferred)
  • Excellent communication skills at all organizational levels
  • Strong project management and time management skills
  • High level of personal integrity and ability to professionally handle confidential matters
  • Capable of acting calmly and managing incidents under high pressure and stress
  • Capable of multitasking in a fast-paced, multifaceted environment
  • Ability to work well with customers, peers, and management
  • Proficient with the Microsoft Office Suite, Visio, and SharePoint

Preferred Education, Experience, Skills and Abilities

  • Bachelor’s degree in Information Security, Computer Science, Computer Engineering, Information Technology (or equivalent of education and work experience)
  • 5+ years of relevant corporate information security industry experience
  • Proven technical experience in Cloudflare WAF configuration and management
  • AWS Cloud Security and/or Microsoft Azure Security certifications are a plus
  • Familiarity with DevOps toolchain (e.g. Terraform, Jenkins)
  • Familiarity with cloud security, including but not limited to CSPM, CASB, DLP, IAM, and vulnerability management
  • Familiarity with technical skills in enterprise security and networking protocols
  • Demonstrated experience and knowledge of relevant regulatory and security framework requirements, such as the U.S. Health Insurance Portability and Accountability Act (HIPAA), NIST 800, and ISO/IEC 27001/27002
  • Previous working experience in healthcare technology environments
