WAF Security Engineer -Akamai (RARR Job 5293)

We are looking for a skilled WAF Engineer with hands-on experience in Akamai Web Application Firewall (WAF) to help protect our mission-critical applications. The ideal candidate will be responsible for tuning, managing, and enhancing our Web Application and API Protection (WAAP) capabilities across cloud and on-premise environments.

Key Responsibilities:

• Work closely with Capability Leads to deliver Web Application and API Protection (WAAP), primarily using Akamai.

• Review and act on WAF tuning requests in a timely and accurate manner.

• Conduct in-depth log analysis to identify false positives and optimize WAF rules for accuracy and performance.

• Develop, document, and maintain WAF policies, tuning procedures, and configurations.

• Design, test, and recommend application-specific WAF policies and rule sets.

• Collaborate with application and infrastructure teams to integrate WAF solutions seamlessly.

• Implement anti-bypass protection for on-premise applications via Akamai.

• Provide WAF configuration recommendations based on best practices and business security requirements.

• Perform regular assessments and audits to ensure optimal security posture and compliance.

• Maintain audit and compliance documentation as per regulatory needs.

• Deliver monthly/quarterly reviews to application owners demonstrating WAF effectiveness.

• Stay current with latest web security threats, vulnerabilities, and trends.

• Evaluate, design, and recommend new WAAP solutions to enhance protection capabilities.

Key Accountabilities:

• Align WAAP policies across multi-infrastructure environments with capability lead and control owners.

• Conduct thorough log analysis to mitigate false positives and fine-tune WAF.

• Proactively enhance WAF accuracy and effectiveness.

• Ensure WAF traffic enforcement such that origin servers are only accessible via Akamai (preventing direct-to-origin attacks).

• Regularly review and optimize WAF rule sets for existing and new applications.

• Participate in service reviews with application owners to assess WAF performance and protection level.

• Continuously research and implement improvements based on evolving security landscapes.