We are seeking a highly skilled DDoS Protection & Web Application Security Specialist to design, implement, and operate advanced protection mechanisms against volumetric, protocol, and application-layer attacks. The role focuses on safeguarding critical digital assets using industry-leading DDoS mitigation and Web Application Firewall (WAF) technologies across on-premises and cloud environments.
The ideal candidate will have hands-on expertise with F5 Advanced WAF, Cloudflare, Akamai Kona Site Defender, and Radware DefensePro, and will work closely with SOC, Threat Intelligence, and Network teams to ensure a strong, layered security posture.
Key Responsibilities
- Design, deploy, and manage DDoS protection strategies across on-premises and cloud-based infrastructures.
- Monitor real-time DDoS attacks, analyze traffic anomalies, and implement mitigation rules to ensure service availability.
- Configure, tune, and optimize Web Application Firewall (WAF) policies for web portals, APIs, and subdomains.
- Implement bot management and behavioral analysis to prevent credential stuffing, scraping, and automated abuse.
- Respond to application-layer and volumetric attacks, ensuring minimal impact on business services.
- Collaborate closely with SOC, Threat Intelligence, and Network Security teams to enhance coordinated defense mechanisms.
- Conduct continuous tuning of security policies to reduce false positives and improve detection accuracy.
- Prepare and deliver monthly operational reports covering DDoS incidents, WAF effectiveness, and bot mitigation metrics.
- Support incident response activities and contribute to post-incident analysis and improvement plans.
Required Skills & Experience
- 5+ years of experience in DDoS protection, web application security, or network security roles.
- Hands-on operational experience with one or more of the following platforms:
- F5 Advanced WAF
- Cloudflare
- Akamai Kona Site Defender
- Radware DefensePro
- Strong understanding of:
- DDoS attack types (volumetric, protocol, application-layer)
- Web application security threats (OWASP Top 10)
- HTTP/HTTPS, DNS, TCP/IP, and API security
- Experience securing APIs, web portals, and cloud-hosted applications.
- Familiarity with bot mitigation techniques and behavioral analysis.
- Ability to work effectively in high-pressure, incident-driven environments.
Preferred Qualifications
- Experience working in banking, financial services, or large enterprise environments.
- Exposure to SOC operations and security incident response processes.
- Relevant security certifications (e.g., F5, Cloudflare, Akamai, CISSP, CEH) are a plus.
