Web Application Firewall (WAF) Security Engineer

The WAF Security Engineer is responsible for operating, securing, and evolving the organization’s application exposure and protection platforms.

The role focuses on Web Application Firewalls (WAF), reverse proxies, anti-DDoS, and external access services, ensuring the confidentiality, integrity, and availability of business-critical applications.

The engineer works closely with network, security, and application teams to protect Internet-facing services against Layer-7 threats, bots, abuse patterns, and volumetric or application-level attacks.

Responsibilities:

WAF & Application Security Operations

• Operate and maintain multi-vendor WAF platforms (F5, ADC Netscaler & AWS).
• Design, configure, and maintain application security policies, including:
• Positive and negative security models
• Signature-based protection and behavioral analysis
• Bot mitigation, brute-force protection, and abuse prevention
• Manage the full lifecycle of WAF rules: creation, tuning, validation, deployment, and optimization.
• Analyze and reduce false positives/negatives while maintaining application availability and performance.

Reverse Proxy & External Access Services

• Operate reverse proxy and external access gateways ( F5, ADC Netscaler & AWS ).
• Manage SSL/TLS offloading, certificate lifecycle, and cryptographic standards.
• Support secure application exposure across DMZ, on-premise, private cloud, and hybrid environments.

Anti-DDoS & Resilience

• Support anti-DDoS solutions (AWS-based and ISP-managed services) integrated with WAF platforms.
• Participate in attack mitigation strategies for volumetric and application-layer threats.

Security Operations & Governance

• Monitor security events, alerts, and dashboards related to WAF and external access services.
• Handle incident and problem management, including troubleshooting, root cause analysis (RCA), and post-incident reports (PIR).
• Participate in change and configuration management, including upgrades, patches, and controlled rollouts.
• Maintain operational documentation, architecture diagrams, and configuration inventories.
• Coordinate with vendors and third parties for escalations and technical support.

Experience:

• 7+ years of experience in network and application security operations.
• Strong hands-on experience with Web Application Firewalls (F5, NetScaler).
• Solid understanding of HTTP/S, SSL/TLS, web architectures, and application flows.
• Experience securing Internet-facing applications in large, multi-site enterprise environments.

Additional experience or knowledge in the following technologies is considered a strong asset:

• Network Firewalls (Fortinet FortiGate, CheckPoint).
• Secure remote access and VPN solutions (Cisco ASA / AnyConnect).
• Identity and access services (Cisco ISE, RSA MFA).
• Network security management and policy analysis tools.
• Secure DNS, IPAM, and infrastructure services.
• Fluent in English, knowledge of French

Our Offer:

• An attractive salary package with or without a company car
• 5 additional vacation days each year
• A dedicated training program with personal development plans
• Extra-legal advantages (IT material, banks, ...)
• Regular events with the CTG team : learning lunchs, team buildings, fun events, Xmas, Marathons, ...

If you like multicultural teams and want to join a company with open communication, then apply right now !

Please note that a criminal record will be asked for this position.