Senior Security WAF Engineer

March 12

Apply Now

Receive Emails with Similar Jobs

Empower

WebsiteLinkedInAll Job Openings

Empower is a financial services company that provides personalized investment and advice solutions to help individuals achieve financial freedom throughout their lives. It offers a range of wealth management services including private client investment management, socially responsible investing, retirement planning, and personal strategy services tailored for various investment needs. With innovative tools such as the Empower Personal Dashboard, clients can consolidate their financial information, plan for retirement, and make informed money decisions.

10,000+ employees

💸 Finance

💳 Fintech

📋 Description

• WAF & Firewall Security Engineering • Deploy, configure, and optimize WAF policies using Cloudflare WAF, AWS WAF, and Palo Alto Networks firewalls. • Fine-tune security rules, signatures, and bot mitigation policies to block OWASP Top 10 threats, API abuse, and zero-day vulnerabilities. • Manage Palo Alto Networks firewalls, including: Threat Prevention, URL Filtering, Application-Based Filtering, SSL Decryption, and Advanced Threat Protection. • NGFW policies and rule tuning to block L7 attacks, botnets, and advanced persistent threats (APTs). • Logging, alerting, and correlation of firewall events within SIEM • Integrate WAF and firewall security policies with SIEM (Splunk, ELK) and SOAR solutions for improved threat intelligence sharing and automated response. • Layer 7 Application DDoS Protection & Remediation • Detect, analyze, and mitigate Layer 7 DDoS attacks, including: Slowloris, HTTP Floods, Recursive GET/POST attacks, API abuse, and bot-driven volumetric attacks. • Malicious bot traffic, headless browsers, and scraping attacks targeting web applications. • Remediate Layer 7 DDoS attacks by: Implementing Palo Alto Auto-Blocking Rules and Cloudflare Advanced Rate Limiting. • Deploying traffic anomaly detection and automated WAF rule adjustments. • Enforcing CAPTCHA challenges, JavaScript challenges, and behavioral-based bot detection. • Geo-blocking malicious IPs and ASN-based filtering for high-risk traffic sources. • Automate DDoS remediation playbooks using Terraform, Python, and API-based integrations for dynamic WAF/firewall adjustments. • Perform post-attack forensic analysis to improve future detection and prevention capabilities. • Infrastructure as Code (IaC) & Security Automation • Automate WAF and firewall rule deployment using Terraform to standardize security enforcement. • Develop Terraform modules for Cloudflare WAF and Palo Alto Networks firewalls to manage security configurations at scale. • Integrate security policies with CI/CD pipelines to enforce security best practices in DevSecOps workflows. • Create self-healing security automation that dynamically adjusts WAF and firewall rules in response to active threats. • Indicators of Compromise (IoC) & Threat Detection • Analyze IoCs from WAF logs, Palo Alto firewalls, SIEM alerts, and external threat intelligence sources to detect advanced threats. • Investigate malicious Layer 7 traffic behaviors, API exploitation, bot-driven attacks, and application-layer intrusions. • Develop and deploy custom security signatures for real-time threat prevention on Cloudflare WAF and Palo Alto Firewalls. • Correlate IoCs across WAF, firewall, and cloud security tools to build a proactive threat defense model. • Incident Response & Risk Mitigation • Act as a Tier 3 escalation point for complex WAF, firewall, and Layer 7 DDoS security incidents. • Implement real-time DDoS mitigation strategies to minimize service disruption and protect critical web applications. • Work closely with Red Team / Blue Team exercises to validate WAF and firewall security controls against simulated attack scenarios. • Compliance & Governance • Ensure WAF and firewall configurations comply with PCI-DSS, NIST 800-53, ISO 27001, GDPR, and CIS security standards. • Conduct security audits and ensure that all security policies are version-controlled using Terraform and Git. • Maintain audit logs and security policies as code to support compliance and operational resilience. • Participate in 24x7 on-call rotation • Perform related duties as requested

🎯 Requirements

• 5+ years of experience in WAF security engineering, Layer 7 DDoS mitigation, and network security. • 5+ years of expertise in Cloudflare WAF, AWS WAF, and Palo Alto Networks firewalls. • Hands-on experience in Layer 7 DDoS detection, remediation, and real-time security automation. • Experience with Infrastructure as Code (IaC) using Terraform to automate WAF and firewall security configurations. • Strong knowledge of Indicators of Compromise (IoC), OWASP Top 10, MITRE ATT&CK, and web security attack vectors. • Proficiency in Python, PowerShell, Terraform, or APIs for automation and threat response. • Experience integrating WAF and firewall security with SIEM (Splunk). • Strong troubleshooting, analytical, and problem-solving skills in web security, application security, and threat mitigation. • Bachelor’s degree in Computer Science, Information Systems, Software Engineering, Electrical or Electronics Engineering or comparable field of study, and/or equivalent work experience.

🏖️ Benefits

• Medical, dental, vision and life insurance • Retirement savings – 401(k) plan with generous company matching contributions (up to 6%), financial advisory services, potential company discretionary contribution, and a broad investment lineup • Tuition reimbursement up to $5,250/year • Business-casual environment that includes the option to wear jeans • Generous paid time off upon hire – including a paid time off program plus ten paid company holidays and three floating holidays each calendar year • Paid volunteer time — 16 hours per calendar year • Leave of absence programs – including paid parental leave, paid short- and long-term disability, and Family and Medical Leave (FMLA) • Business Resource Groups (BRGs) - internal networks that rally around common interest, experiences and identities such as race, ethnicity, gender, ability, military status and sexual orientation. BRGs play a vital role in educating and engaging our people and advancing our business priorities.