Cyber Security Engineer (WAF SME)

Ampcus Inc. is a certified global provider of a broad range of Technology and Business consulting services. We are in search of a highly motivated candidate to join our talented Team. Job Title: Cyber Security Engineer (WAF SME). Location: Atlanta, GA. About the Role:

• We are seeking a Security Engineer (WAF SME) to join a dynamic security operations function. In this role, you will lead day-to-day operations, tuning, and incident response for our Web Application Firewall (WAF) and broader Web Application & API Protection (WAAP) stack-Akamai (primary) and Cloudflare (secondary).
• You will maintain platform stability, drive false-positive reduction, improve protection efficacy against evolving threats, and ensure changes move safely through our standard change processes.
• You will collaborate closely with SOC/IR, App/Dev, SRE, and Network teams and participate in an on-call rotation for major incidents.

What You Will Be Doing:

• Operational Support & Incident Handling
  • Monitor and action WAF/edge security ticket queues; resolve incidents and service requests with clear, timely communication.
  • Triage and respond to Layer 7 events (e.g., bot abuse, credential stuffing, API abuse, SQLi/RCE attempts, L7 DDoS), escalating as needed.
  • Provide on-call support for Sev 1/Sev 2 incidents; collaborate with SOC/IR, SRE, and application owners on containment and recovery.
• Platform Administration & Tuning
  • Onboard, configure, tune, and optimize Akamai and Cloudflare WAF policies (managed & custom rules, rate limiting, geo/IP/ASN controls, mTLS, headers).
  • Manage bot management controls (scoring, allowlists, challenges/JS, behavioral features where available).
  • Implement policies for OWASP Top 10, API/WAAP protections, and business logic abuse mitigation.
  • Balance security vs. latency/caching; measure impacts and roll out changes safely.
• Change, Hygiene & Governance
  • Execute changes via standard change control (peer review, testing, staged rollout, rollback plans).
  • Maintain certificate management, safe DNS/edge updates, and favor policy-as-code approaches where possible.
  • Provide platform health/status reporting with recommendations to reduce incident volume and downtime.
• Monitoring, Telemetry & Reporting
  • Integrate WAF/edge telemetry with SIEM; maintain dashboards for threat trends, false positive rates, coverage, and hygiene.
  • Create actionable alerts and runbooks/SOPs to accelerate response and reduce recurrence.
• Collaboration & Enablement
  • Partner with SOC/IR to enhance playbooks and Dev/App teams to align policies with application behavior.
  • Contribute to internal knowledge base and continuous improvement of control efficacy and resiliency.
  • Track emerging threats and vendor updates; recommend timely configuration changes and control enhancements.

What You Need (Required Qualifications):

• Bachelor's degree in Computer Engineering (or related field) or equivalent practical experience.
• 3-6 years' hands-on experience operating in Network Security space for any enterprise environment.
• Must have at least 2 years of hands-on experience with Akamai.
• Demonstrated expertise in policy tuning and incident response for web and API protections (blocking vs. challenge strategies, exception handling, FP reduction).
• Solid grasp of TLS/PKI, DNS, CDN caching/edge routing, and performance tradeoffs.
• Experience integrating WAF logs into SIEM and building actionable dashboards/alerts.
• Scripting/automation exposure (Terraform, bash, Python, Ansible or PowerShell), comfort with JSON/YAML and regex; API/CLI experience beneficial.
• Strong analytical troubleshooting, communication, and cross-team collaboration skills.
• Willingness to participate in rotational on-call.

Nice to Have (Preferred):

• Certifications: Akamai ACA/ACP, Cloudflare, CISSP, Security , GIAC (GWAPT/GWEB/GCIH), PCI ISA, AZ 104/AZ 700, AWS SAA/SOAA.
• Familiarity with any of following: Cloudflare, Fastly, Imperva, F5 ASM/Advanced WAF, Azure Front Door, AWS CloudFront WAF.
• Vendor/platform depth: F5 iRules, Fastly VCL behaviors, or vendor policy DSLs.
• Broader security stack familiarity (e.g., DDoS scrubbing, SIEM/SOAR, CASB/CSPM, vuln management).
• DevSecOps experience including CI/CD integration for edge policy promotion/testing.
• Payments/financial services experience; working knowledge of PCI DSS, NIST CSF, ISO 27001.

Additional Skills:

• Expert/lead technical role. Expert knowledge of the field. Develops large and/or highly complex solutions that require analysis and research.
• Works on multiple projects as a project leader or technical leader/consultant. Works on complex tasks, projects or issues that involve a high degree of risk, impacts business unit performance and makes use of the individuals' high level of knowledge within one or more areas of specialty.
• Coaches and mentors more junior technical staff. Works without supervision on the most complex projects. Complete latitude for independent judgment.
• Typically requires seven (7) or more years of demonstrated experience. Frequently reports to an IT Security Administration Manager.

Ampcus is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veterans or individuals with disabilities.