WAF Adversarial Engineer

Seattle, WA, US • Posted 3 days ago • Updated 1 day ago
Contract W2
On-site
USD $65.00 - 71.00 per hour
Job Details

Skills

  • SaaS
  • Organized
  • Testing
  • Log Analysis
  • Cadence
  • HTTP
  • Inspection
  • Normalization
  • Web Applications
  • Penetration Testing
  • OSCP
  • Scripting
  • Python
  • Continuous Integration
  • Continuous Delivery
  • Cloud Computing
  • Amazon Web Services
  • Microsoft Azure
  • Computer Science
  • Computer Engineering
  • Information Security
  • API
  • GraphQL
  • Mass Assignment
  • Akamai
  • Lua
  • Web Browsers
  • Generative Artificial Intelligence (AI)
  • OWASP
  • WAF
  • Security Analysis
  • MEAN Stack
  • Customer Service
  • Training And Development
  • SAP BASIS

Summary

Software Guidance & Assistance, Inc., (SGA), is searching for a WAF Adversarial Engineer for a contract assignment with one of our premier SaaS clients in Seattle, WA. Remote candidates residing in the Pacific time zone will also be considered.

Responsibilities:
  • Run adversarial test campaigns against our WAF stack (Akamai, AWS WAF, Fastly, and Cloudflare) after each rule update cycle.
  • Target encoding evasion, HTTP parsing differentials between WAF and origin, request smuggling, chunked encoding manipulation, multipart boundary abuse, Unicode normalization gaps, and logic layer bypasses.
  • Build and maintain a versioned WAF bypass library, organized by vulnerability class (SQLi, XSS, SSRF, path traversal, SSTI, etc.), validated against staging and production WAF configurations, and updated as platforms and rules evolve.
  • Conduct adversarial testing of API endpoints behind the WAF, including business logic abuse, BOLA/BFLA, mass assignment, and parameter manipulation. Document explicitly which classes of attack the WAF can and cannot reliably cover.
  • Triage complex false positive investigations that cannot be resolved through log analysis alone - reproduce the ambiguous traffic from the attacker side and recommend targeted rule adjustments.
  • Produce concise validation reports that translate offensive findings into testable rule candidates the team can refine and deploy. Each deliverable is a reproducer plus a rule recommendation, not a "bypass confirmed" note.
  • Provide adversarial perspective during active edge incidents - likely attacker behavior, blind spots, next probable moves.
  • Operate as the continuous validation function for the WAF program, integrated with the team's rule update cadence rather than running standalone pentest engagements.
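Added example (not part of the posting, and not SGA's or the client's tooling): a minimal differential harness in Python for the encoding-evasion and WAF/origin parsing-differential classes named above. It generates encoding variants of one payload, compares an assumed edge model (single URL-decode, case-fold, no Unicode folding) against an assumed origin model (a second decode plus NFKC folding), reports the variants that the edge judges benign while the origin still sees the attack, and re-runs the same set against a rule candidate (bounded recursive decode plus NFKC before matching). The signature, payload, host and path are constructed placeholders, and both models are assumptions chosen to show the mechanism, not any vendor's engine.

```python
"""Added example: a minimal WAF/origin differential harness.

Illustrative code added to this page. The WAF and origin "views" are assumed
models of common behaviour, not any vendor's engine; the point is the shape of
the deliverable: a reproducer per bypass plus a rule candidate checked against
the same variant set.
"""
import unicodedata
from urllib.parse import unquote

# Constructed sample: the token a hypothetical rule matches on, and the
# payload the campaign replays through every encoding variant.
SIGNATURE = "<script"
PAYLOAD = "<script>alert(1)</script>"


def waf_view(raw: str) -> str:
    """Assumed edge behaviour: one URL-decode pass, case-fold, no Unicode folding."""
    return unquote(raw).lower()


def origin_view(raw: str) -> str:
    """Assumed origin behaviour: the framework decodes once, the application
    decodes again, then a search/compat layer applies NFKC folding."""
    return unicodedata.normalize("NFKC", unquote(unquote(raw))).lower()


def waf_view_hardened(raw: str, max_rounds: int = 3) -> str:
    """Rule candidate: decode until stable (bounded), NFKC-fold, then case-fold,
    so the edge sees at least what the origin will see before matching."""
    s = raw
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return unicodedata.normalize("NFKC", s).lower()


def variants(payload: str):
    """Yield (name, encoded) pairs covering the encoding classes in scope."""
    fullwidth = payload.replace("<", "\uff1c")  # U+FF1C folds to '<' under NFKC
    yield "plain", payload
    yield "url", "".join(f"%{b:02X}" for b in payload.encode("utf-8"))
    yield "double_url", "".join(f"%25{b:02X}" for b in payload.encode("utf-8"))
    yield "fullwidth", fullwidth
    yield "fullwidth_url", "".join(f"%{b:02X}" for b in fullwidth.encode("utf-8"))


def find_bypasses(payload: str, waf=waf_view):
    """Return variants the WAF model misses while the origin model still
    sees the signature: the parsing differential, made explicit."""
    hits = []
    for name, enc in variants(payload):
        if SIGNATURE in origin_view(enc) and SIGNATURE not in waf(enc):
            hits.append((name, enc))
    return hits


def reproducer(enc: str) -> str:
    """Raw request for the report; host and path are hypothetical placeholders."""
    return f"GET /search?q={enc} HTTP/1.1\r\nHost: staging.example.invalid\r\n\r\n"


if __name__ == "__main__":
    for name, enc in find_bypasses(PAYLOAD):
        print(f"[bypass] {name}")
        print(reproducer(enc))
    remaining = find_bypasses(PAYLOAD, waf=waf_view_hardened)
    print("rule candidate closes all variants:", not remaining)
```

Against a real stack, waf_view is replaced by a replay against the staging WAF (blocked or passed) and origin_view by observation of what the origin actually decodes; the structure, one reproducer and one rule candidate per variant class, is what the deliverable above asks for.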

Required Skills:
  • Demonstrated WAF bypass experience against at least two commercial WAF platforms (Akamai, AWS WAF, Fastly, or Cloudflare).
  • Deep working knowledge of HTTP protocol edge cases that affect WAF inspection: request smuggling primitives, chunked transfer encoding abuse, multipart boundary manipulation, Unicode normalization differentials, and header injection patterns.
  • Web application penetration testing track record with WAF-specific scope: OSCP, BSCP, OSWE, or a portfolio of disclosed bypasses, conference talks, or prior validation engagements against WAF-protected assets. Tool-running alone does not qualify.
  • Proven ability to translate offensive findings into defensive artifacts: reproducer plus rule candidate, not just a finding.
  • Strong scripting in Python or Go for building test harnesses, payload generators, and replay tooling.
  • Comfortable working in CI/CD pipelines and cloud environments (AWS or Azure). Plug into existing infrastructure rather than build it.
  • Education: Bachelor's degree in Computer Science, Computer Engineering, Information Security, or a related technical field, or equivalent demonstrated experience.

Preferred Skills:
  • API-specific attack surface depth: GraphQL injection, BOLA/BFLA, mass assignment.
  • Akamai platform internals: KRS / ASE rule engine, custom Lua / EdgeWorkers exposure.
  • Bot evasion at the behavioral layer: headless browser fingerprinting bypass, behavioral mimicry.
  • Familiarity with edge-layer LLM/GenAI guardrails (OWASP LLM Top 10, prompt injection mitigation at the WAF tier).
  • Public security research, CVE disclosures, or conference talks demonstrating original bypass work.

SGA is a technology and resource solutions provider driven to stand out. We are a women-owned business. Our mission: to solve big IT problems with a more personal, boutique approach. Each year, we match consultants like you to more than 1,000 engagements. When we say let's work better together, we mean it. You'll join a diverse team built on these core values: customer service, employee development, and quality and integrity in everything we do. Be yourself, love what you do and find your passion at work. Please find us at . #LI-SH1

SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, and our services, programs, and activities. Please visit our company to request an accommodation or assistance regarding our policy.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: sgainc
  • Position Id: 26-01239
  • Posted 3 days ago

Company Info

About Software Guidance & Assistance

Founded in 1981, SGA is a technology and resource solutions provider with a national footprint and headquartered in the shadow of Wall Street. We’re a certified women-owned business. We provide contingent staffing, direct placement, and professional and managed services to transform businesses and evolve careers. We’re small enough to tailor our services to each client and big enough to deliver for some of the world’s largest employers. Our professionals are experts in areas such as IT, finance, accounting, risk, and clinical.

SGA provides contingent staffing, direct placement, and professional and managed services nationwide for Fortune 500 companies, mid-size businesses and select startups.

Our core skillsets include all areas of technology – business & data analysis, cyber & network security, database administration, development & architecture, infrastructure, program & project management, quality assurance & testing. We also deliver talent across professional business functions such as finance, accounting, risk, and clinical.

Our Professional & Managed Services team delivers IT projects through onshore, offshore and hybrid delivery models. We develop software products, modernize applications, add features, and integrate and maintain systems. Our scope covers, among others, complex application suites, data management and visualizations, machine learning and mobile applications.
