AWS WAF Security Engineer

Job Title: AWS WAF Security Engineer

Location: Atlanta, GA 30308 (Hybrid)

Duration: 12 Months

Client is strong experience on Web Application Firewall and AWS, Python, Bash, or PowerShell Experience with Infrastructure as Code (IaC) tools like AWS CloudFormation, Terraform, or Ansible.

Key Responsibilities:

• Design, implement, and manage AWS WAF to protect web applications from security threats.
• Develop and maintain automation scripts for WAF deployment and management.
• Collaborate with the security team to integrate AWS WAF with other security tools and services.
• Monitor and respond to security incidents related to web application threats.
• Create and manage Infrastructure as Code (IaC) templates for AWS WAF and related services.
• Conduct regular security assessments and audits of web applications.
• Provide technical support and troubleshooting for AWS WAF-related issues.
• Stay up-to-date with the latest security trends, threats, and technologies.

Requirements:

• Proven experience with AWS Web Application Firewall (WAF).
• Proficiency in scripting languages such as Python, Bash, or PowerShell.
• Experience with Infrastructure as Code (IaC) tools like AWS CloudFormation, Terraform, or Ansible.
• Strong understanding of web application security principles and best practices.
• Familiarity with AWS services and architecture.
• Experience with continuous integration and continuous deployment (CI/CD) pipelines.
• Excellent problem-solving skills and attention to detail.
• Strong communication and teamwork abilities.

Preferred Qualifications:

• Experience with other AWS security services (e.g., AWS Shield, AWS IAM).
• Knowledge of network security, firewalls, and intrusion detection/prevention systems.
• Relevant certifications (e.g., AWS Certified Security – Specialty) are a plus.

Relevant hands-on experience is critical. For example, if I review a candidate’s resume and see that they have spent three to three and a half years working exclusively with AWS WAF and have developed deep expertise in that area, I would definitely want to speak with them. From there, we could work through their resume and make minor adjustments to better position them for the client. Overall, a candidate with strong, solid, in-depth knowledge in a specific area is preferred.

What we need is a person who works on WAF, which is a web application firewall. So it's not the same as like a regular firewall. It's slightly different. It's the rules and permissions for the web application.

Specifically, we are looking for a Web Application Firewall (WAF) engineer with hands-on experience using AWS Web Application Firewall through the Amazon Web Services Management Console. This role requires direct, practical experience configuring and operating AWS WAF in a production environment.

The candidate must be proficient in scripting languages, including Python, Bash, and PowerShell, as they will be responsible for automation, tooling, and rule management.

We have observed that candidates with backgrounds focused primarily on infrastructure or network firewalls are often not a strong fit for this role. While there may be some conceptual overlap, that experience does not translate well to web application–layer security. We are specifically seeking someone who works closely with web applications and implements firewall controls at the application layer.

The role is entirely web-based and includes responsibility for security incident response related to web application firewalls. The engineer will be expected to set up AWS WAF configurations, write and maintain custom rules, define permissions, develop supporting tools, and respond to incidents arising from web-based threats.