About the Company
We show commitment to our investors and stand for solid, long-term growth performance. Founded in Germany in 1987 and in American territory since 2008, GFT expanded globally to over 10,000 experts. And to more than 15 markets to ensure proximity to clients. With new opportunities from Asia to Brazil, the international growth story continues. We are committed to grow tech talents worldwide. Because our teams strong consulting and development skills across legacy and pioneering technologies, like GreenCoding, underpin success. We maintain a family atmosphere in an inclusive work environment.
Responsibilities
- Design, implement, and manage WAF security policies, with a primary focus on Cloudflare, to protect internet-facing applications
- Continuously refine and improve WAF rules and policies, standardizing operational practices and creating detailed documentation
- Provide L3 level support for operational issues, troubleshoot and resolve complex problems
- Employ infrastructure-as-code (IaC) tooling, particularly Terraform, to automate the provisioning and management of configurations
- Conduct in-depth analyses of web traffic patterns and security logs to identify and mitigate potential threats
- Collaborate with application teams to ensure WAF policies align with security requirements and best practices
- Stay current with emerging web application threats and adjust WAF policies accordingly
Requirements
- At least 5 years of hands-on experience in Web Application Security, with a significant focus on security policy management
- Extensive experience with Cloudflare WAF, including writing and tuning security policies
- Experience with Custom WAF rules such as Firewall Rules, Rate Limiting, Bot Management, Managed Rules
- Strong knowledge of web application security concepts, common vulnerabilities (e.g., OWASP Top 10), and attack vectors (DDoS)
- Hands-on experience with infrastructure-as-code, particularly Terraform
- Experience with log / data analysis and SIEM tools (e.g., Splunk)
- Proficiency in at least one scripting or programming language (e.g., Python, Bash) for automation tasks
- Experience with public cloud providers (AWS, Azure, or GCP) and their native security services
- Familiarity with CI/CD pipelines and version control systems (e.g., Git)
- Understanding of network protocols and web technologies (HTTP/HTTPS, SSL/TLS, DNS)
- B.S. in Information Technology, Computer Science, or a similar technical program
- Exceptional communication skills, capable of effectively articulating technical concepts to both technical and non-technical audiences
- Strong analytical and problem-solving skills, with meticulous attention to detail
- Proven ability to self-manage, prioritize tasks, and handle ambiguity and rapid changes in priorities
- Demonstrated experience in managing stakeholder expectations and delivering projects within defined timelines
- A commitment to continuous learning and adaptability to new technologies and changing environments
Benefits
- Competitive Compensation
- Benefits package including comprehensive medical, dental, vision and others
- Company Culture based on our Core Values
- Professional Development Training with Individual Development Plans to map out your career growth
- Opportunity to work in a global environment with diverse teams built with colleagues from around the world
- Opportunity to work with technology industry leaders in the financial services industry
- Opportunity to work for big name clients in capital markets, banking and other industries