The WAF Security Engineer is responsible for operating, securing, and evolving the organization's application exposure and protection platforms.
The role focuses on Web Application Firewalls (WAF), reverse proxies, anti-DDoS, and external access services, ensuring the confidentiality, integrity, and availability of business-critical applications.
The engineer works closely with network, security, and application teams to protect Internet-facing services against Layer-7 threats, bots, abuse patterns, and volumetric or application-level attacks.
Responsibilities
WAF & application Security operations:
- Operate and maintain multi-vendor WAF platforms (F5, ADC NetScaler & AWS).
- Design, configure, and maintain application security policies, including:
- Positive and negative security models
- Signature-based protection and behavioral analysis
- Bot mitigation, brute-force protection, and abuse prevention
- Manage the full lifecycle of WAF rules: creation, tuning, validation, deployment, and optimization.
- Analyze and reduce false positives/negatives while maintaining application availability and performance.
Reverse proxy & external Access services:
- Operate reverse proxy and external access gateways (F5, ADC NetScaler & AWS ).
- Manage SSL/TLS offloading, certificate lifecycle, and cryptographic standards.
- Support secure application exposure across DMZ, on-premise, private cloud, and hybrid environments.
Anti-DDoS & resilience:
- Support anti-DDoS solutions (AWS-based and ISP-managed services) integrated with WAF platforms.
- Participate in attack mitigation strategies for volumetric and application-layer threats.
Security operations & governance:
- Monitor security events, alerts, and dashboards related to WAF and external access services.
- Handle incident and problem management, including troubleshooting, root cause analysis (RCA), and post-incident reports (PIR).
- Participate in change and configuration management, including upgrades, patches, and controlled rollouts.
- Maintain operational documentation, architecture diagrams, and configuration inventories.
- Coordinate with vendors and third parties for escalations and technical support.
Experience
- 7+ years of experience in network and application security operations.
- Strong hands-on experience with Web Application Firewalls (F5, NetScaler).
- Solid understanding of HTTP/S, SSL/TLS, web architectures, and application flows.
- Experience securing Internet-facing applications in large, multi-site enterprise environments.
Additional experience or knowledge in the following technologies is considered a strong asset:
- Network Firewalls (Fortinet FortiGate, CheckPoint).
- Secure remote access and VPN solutions (Cisco ASA / AnyConnect).
- Identity and access services (Cisco ISE, RSA MFA).
- Network security management and policy analysis tools.
- Secure DNS, IPAM, and infrastructure services.
- Fluent in English, knowledge of French
Our offer
- An attractive salary package with or without a company car
- 5 additional vacation days each year
- A dedicated training program with personal development plans
- Extra-legal advantages (IT material, banks, ...)
- Regular events with the CTG team : learning lunchs, team buildings, fun events, Xmas, Marathons, ...
If you like multicultural teams and want to join a company with open communication, then apply right now !
Please note that a criminal record will be asked for this position.
