The WAF Security Engineer is responsible for operating, securing, and evolving the organization’s application exposure and protection platforms.
The role focuses on Web Application Firewalls (WAF), reverse proxies, anti-DDoS, and external access services, ensuring the confidentiality, integrity, and availability of business-critical applications.
The engineer works closely with network, security, and application teams to protect Internet-facing services against Layer-7 threats, bots, abuse patterns, and volumetric or application-level attacks.
Responsibilities:
WAF & Application Security Operations
* Operate and maintain multi-vendor WAF platforms (F5, ADC Netscaler & AWS).
* Design, configure, and maintain application security policies, including:
* Positive and negative security models
* Signature-based protection and behavioral analysis
* Bot mitigation, brute-force protection, and abuse prevention
* Manage the full lifecycle of WAF rules: creation, tuning, validation, deployment, and optimization.
* Analyze and reduce false positives/negatives while maintaining application availability and performance.
Reverse Proxy & External Access Services
* Operate reverse proxy and external access gateways ( F5, ADC Netscaler & AWS ).
* Manage SSL/TLS offloading, certificate lifecycle, and cryptographic standards.
* Support secure application exposure across DMZ, on-premise, private cloud, and hybrid environments.
Anti-DDoS & Resilience
* Support anti-DDoS solutions (AWS-based and ISP-managed services) integrated with WAF platforms.
* Participate in attack mitigation strategies for volumetric and application-layer threats.
Security Operations & Governance
* Monitor security events, alerts, and dashboards related to WAF and external access services.
* Handle incident and problem management, including troubleshooting, root cause analysis (RCA), and post-incident reports (PIR).
* Participate in change and configuration management, including upgrades, patches, and controlled rollouts.
* Maintain operational documentation, architecture diagrams, and configuration inventories.
* Coordinate with vendors and third parties for escalations and technical support.
Experience:
* 7+ years of experience in network and application security operations.
* Strong hands-on experience with Web Application Firewalls (F5, NetScaler).
* Solid understanding of HTTP/S, SSL/TLS, web architectures, and application flows.
* Experience securing Internet-facing applications in large, multi-site enterprise environments.
Additional experience or knowledge in the following technologies is considered a strong asset:
* Network Firewalls (Fortinet FortiGate, CheckPoint).
* Secure remote access and VPN solutions (Cisco ASA / AnyConnect).
* Identity and access services (Cisco ISE, RSA MFA).
* Network security management and policy analysis tools.
* Secure DNS, IPAM, and infrastructure services.
* Fluent in English, knowledge of French
Our Offer:
* An attractive salary package with or without a company car
* 5 additional vacation days each year
* A dedicated training program with personal development plans
* Extra-legal advantages (IT material, banks, ...)
* Regular events with the CTG team : learning lunchs, team buildings, fun events, Xmas, Marathons, ...
If you like multicultural teams and want to join a company with open communication, then apply right now !
Please note that a criminal record will be asked for this position.