Security Engineer, WAF

Apply now: Security Engineer – WAF , location is Hybrid (Atlanta, GA) . The start date is ASAP for this Contract-to-Hire (6 months) position.

Job Title: Security Engineer - WAF
Location-Type: Hybrid (3 Days A Week Onsite - Atlanta, GA 30318)
Start Date Is: ASAP
Duration: Contract-to-Hire (6 months)
Eligible Work Authorization Status: US-Citizen or Green Card (no sponsorship required)

Job Description:
The Security Engineer (WAF) will support web application security operations by managing and optimizing Web Application Firewall protections, improving detection capabilities, and partnering with engineering teams to ensure secure application deployments.

Day-to-Day Responsibilities:

• Implement, manage, and optimize WAF protections across web applications and APIs
• Write, tune, and maintain WAF rules including custom protections, bot mitigation controls, and rate limiting
• Analyze WAF logs and security alerts to identify malicious traffic patterns and reduce false positives
• Collaborate with engineering and product teams to integrate WAF protections into CI/CD pipelines
• Support secure deployment of cloud infrastructure using Infrastructure as Code (IaC) tools
• Develop automation scripts to enhance WAF operations and security processes
• Contribute to GitHub repositories supporting security tooling and configuration management
• Document operational procedures, runbooks, and incident response playbooks
• Participate in on-call rotation supporting security incidents and operational needs
• Assist with security configuration deployments within AWS environments

Requirements:

• Must-Have Skills/Experiences:
  • 2–4 years of experience in application security, cloud security, or network security
  • Hands-on experience with Web Application Firewalls (AWS WAF, Cloudflare, Akamai, Fastly, or Azure WAF)
  • Strong understanding of protocols and OWASP Top 10 vulnerabilities
  • Experience working within DevOps or DevSecOps environments
  • Experience deploying security configurations through Infrastructure as Code tools (Terraform or CloudFormation)
  • Experience working in AWS cloud environments
  • Log analysis experience using tools such as Splunk or similar SIEM platforms
  • Scripting experience with Python (preferred) and familiarity with TypeScript or Go
  • Experience supporting cloud deployments through automation and code
  • Strong communication skills with the ability to partner with engineering and product teams

• Nice-to-Have Skills/Experiences (NOT required, but a plus!) :
  • Experience in media, entertainment, telecommunications, or financial services environments
  • Security certifications such as GIAC, GWAPT, CISSP, or CSSLP
  • Experience integrating WAF protections with CDNs
  • Experience with API security best practices
  • Experience building security automation workflows