The DDoS & Web Application Security Engineer is responsible for designing, deploying, and managing defenses against volumetric, protocol, and application-layer attacks across on-premises and cloud environments.
Key Responsibilities • Design and implement DDoS protection strategies across hybrid and cloud infrastructures.
• Monitor real-time DDoS attacks, analyze traffic anomalies, and apply mitigation techniques.
• Configure, tune, and optimize Web Application Firewall (WAF) policies for APIs, web portals, and subdomains.
• Implement bot management and behavioral analysis to prevent credential stuffing and scraping attacks.
• Coordinate with SOC, Threat Intelligence, and Network teams during active incidents.
• Continuously improve layered security controls against evolving attack vectors.
• Deliver monthly reports covering DDoS incidents, WAF performance, and bot mitigation metrics.
• 5+ years of experience in network and web application security.
• Hands-on experience with F5 Advanced WAF, Cloudflare, Akamai Kona, or Radware DefensePro.
• Strong understanding of DDoS attack types, traffic analysis, and mitigation techniques.
• Experience securing APIs and cloud-based applications.
• Familiarity with SOC operations and incident response workflows.
• Strong troubleshooting and communication skills.