Azure Web Application Firewall & Cyber Security Tools Engineer

Azure Web Application Firewall & Cyber Security Tools Engineer
100% remote
1 year contract

We still need support on this role.

As a reminder, the manager is looking for an Azure WAF Expert with Terraform (70%) and knowledge of security tools (30%).
Notes from the intake call:

• 12-month contract.
• Fully remote allowed.
• 70% Azure Web Application Firewall expert.
• IaaC Terraform experience needed. Should be able to configure the firewall with Terraform.
• The client currently has one policy per domain. They will be splitting the policy per application.

Key Responsibilities

Azure WAF Operations

• Administer and maintain Azure Front Door WAF and Azure Application Gateway WAF policies, rulesets, exclusions, and custom signatures to protect web applications against OWASP Top 10 and emerging threats.
• Coordinate with application teams to design protection profiles per app and/or per path, align rules with business requirements, and ensure safe rollouts.
• Monitor WAF efficacy, coverage, and performance; analyze events and false positives; tune policies to reduce friction while maintaining strong protection.

Automation, Deployments & Configuration-as-Code

• Build and maintain Terraform modules for Azure Front Door and Application Gateway WAF resources, ensuring version-controlled deployments.
• Operate CI/CD pipelines for GitHub-based deployments, including branching strategies, environment promotion, and rollback procedures.
• Use Terraform code to define, validate, and deploy WAF configurations.

Stakeholder Support & Incident Response

• Respond to WAF-related tickets and inquiries using established TSSO processes; assist teams in interpreting WAF logs, diagnosing blocks, and resolving configuration challenges.
• Provide clear guidance during incidents/outages, including rapid policy tuning, targeted rule adjustments, and coordination with application owners and Infrastructure & Operations.
• Document operational standards, deployment runbooks, troubleshooting guides, and best practices.

Security Tools Support

• Provide operational support for additional security tools, including Proofpoint, Digital Guardian, Windows Certificate Services, Silverfort, Calico, F5 ASM, Rapid7 Nexpose, and Qualys.
• Assist in troubleshooting, performance tuning, and implementing updates or enhancements across supported platforms.

Required Skills & Experience

• Hands-on administration of Azure Front Door WAF and Azure Application Gateway WAF (policy authoring, tuning, exclusions, custom rules).
• Terraform expertise for Azure resources and GitHub deployments.
• Proven ability to use code to configure Azure firewalls/WAFs.
• Scripting skills to automate configuration, validations, and operational tasks (PowerShell, Bash, or Python).
• Strong understanding of web application security (OWASP Top 10, bot protection, API protection, TLS, header-based controls) and secure DevOps practices.

Desired Skills

• Experience with F5 ASM Web application Firewall and ASM policy tuning.
• Exposure to Calico, Proofpoint email security, Netskope, Digital Guardian, Silverfort, and vulnerability management tools.
• PKI fundamentals and certificate lifecycle management (Windows Certificate Services, CA hierarchies).
• Agile delivery experience (scrum/kanban, backlog grooming, story writing).
• Practical DevSecOps experience integrating security controls into CI/CD, policy-as-code, and automated testing.

Qualifications

• 5+ years in application security, cloud security, or network security engineering roles.
• Demonstrated success operating Azure WAF(Azure Front Door and/or Application Gateway).
• Track record of building infrastructure-as-code for security controls and running Git-based deployment pipelines.
• Excellent documentation, communication, and stakeholder collaboration skills.
• Ability to manage shifting priorities and deliver secure, reliable outcomes in a dynamic environment.