Web Application Firewall (WAF) BAU Support Engineer
Share
Job Location:
Monthly Salary:
Posted on:
8 hours ago
Vacancies:
1 Vacancy
Job Summary
Role Overview
The Web Application Firewall (WAF) BAU Support Engineer is responsible for business-as-usual
(BAU) operations monitoring
incident support policy administration and continuous optimization of Akamai WAF services
including Kona Site Defender
(KSD) / App & API Protector (AAP) (as applicable). The role ensures stable secure and
compliant protection of web and API
applications by managing rule tuning onboarding change execution alert triage reporting and
stakeholder coordination
with Application DevOps SOC and Network teams.
The Web Application Firewall (WAF) BAU Support Engineer is responsible for business-as-usual
(BAU) operations monitoring
incident support policy administration and continuous optimization of Akamai WAF services
including Kona Site Defender
(KSD) / App & API Protector (AAP) (as applicable). The role ensures stable secure and
compliant protection of web and API
applications by managing rule tuning onboarding change execution alert triage reporting and
stakeholder coordination
with Application DevOps SOC and Network teams.
Key Responsibilities
1. BAU Operations & Platform Administration
- Perform daily health checks and monitoring of Akamai WAF configurations alerts and security
events.
- Manage user access roles and operational workflows in Akamai Control Center (as per
governance).
- Handle BAU service requests (policy updates exceptions onboarding/offboarding rule
changes) within defined SLAs.
- Maintain SOPs/runbooks operational checklists and knowledge articles for repeatable BAU
execution.
2. Akamai WAF Policy Management (KSD / AAP)
- Administer and support WAF security configurations: protections rule sets attack groups and
threat intelligence controls.
- Tune policies to reduce false positives while preserving coverage for OWASP Top 10 and
common web attacks.
- Manage allowlists/denylists IP reputation actions custom rules and match targets (URLs
headers cookies parameters).
- Support API protection use-cases (JSON/XML endpoints methods) including rule tuning and
exception governance.
- Validate changes in staging/testing and promote to production through controlled change
processes.
3. Incident Triage & Security Operations Support
- Triage WAF alerts and incidents; analyze request logs SIEM alerts and Akamai security events
for suspicious activity.
1. BAU Operations & Platform Administration
- Perform daily health checks and monitoring of Akamai WAF configurations alerts and security
events.
- Manage user access roles and operational workflows in Akamai Control Center (as per
governance).
- Handle BAU service requests (policy updates exceptions onboarding/offboarding rule
changes) within defined SLAs.
- Maintain SOPs/runbooks operational checklists and knowledge articles for repeatable BAU
execution.
2. Akamai WAF Policy Management (KSD / AAP)
- Administer and support WAF security configurations: protections rule sets attack groups and
threat intelligence controls.
- Tune policies to reduce false positives while preserving coverage for OWASP Top 10 and
common web attacks.
- Manage allowlists/denylists IP reputation actions custom rules and match targets (URLs
headers cookies parameters).
- Support API protection use-cases (JSON/XML endpoints methods) including rule tuning and
exception governance.
- Validate changes in staging/testing and promote to production through controlled change
processes.
3. Incident Triage & Security Operations Support
- Triage WAF alerts and incidents; analyze request logs SIEM alerts and Akamai security events
for suspicious activity.
- Work with SOC/IR teams to support investigations by providing evidence (request samples
rule hits attack timelines).
- Support immediate containment actions (temporary blocks rate controls rule updates)
following approval/workflow.
- Coordinate with application owners to confirm legitimate traffic and implement safe
mitigations.
4. Onboarding & Change Implementation
- Onboard new web applications/APIs into Akamai WAF: requirements gathering match targets
policy selection and baselining.
- Coordinate DNS/Property changes with Akamai CDN teams where required (property manager
alignment and versioning).
- Execute changes: configuration updates rule tuning exception approvals and controlled
rollouts.
- Perform post-change validation and monitoring to ensure no business impact and adequate
protection.
5. Reporting Compliance & Continuous Improvement
- Generate BAU reports: top attacks blocked/allowed trends false positive analysis coverage
status and SLA metrics.
- Support audit/compliance evidence requests (change records configuration snapshots
exceptions approvals).
- Drive problem management by identifying recurring issues and improving baselines
automation and documentation.
- Recommend enhancements for posture improvement: rule upgrades new protections
bot/DoS controls (if in scope).
6. Integration & Tooling (as applicable)
- Support integrations with SIEM/SOAR and ticketing tools (ServiceNow/Jira) for alert ingestion
and workflow automation.
- Monitor API-based integrations and log delivery pipelines; troubleshoot failures and
performance issues.
- Maintain tagging dashboards and operational alerts for proactive detection of
configuration/traffic anomalies.
rule hits attack timelines).
- Support immediate containment actions (temporary blocks rate controls rule updates)
following approval/workflow.
- Coordinate with application owners to confirm legitimate traffic and implement safe
mitigations.
4. Onboarding & Change Implementation
- Onboard new web applications/APIs into Akamai WAF: requirements gathering match targets
policy selection and baselining.
- Coordinate DNS/Property changes with Akamai CDN teams where required (property manager
alignment and versioning).
- Execute changes: configuration updates rule tuning exception approvals and controlled
rollouts.
- Perform post-change validation and monitoring to ensure no business impact and adequate
protection.
5. Reporting Compliance & Continuous Improvement
- Generate BAU reports: top attacks blocked/allowed trends false positive analysis coverage
status and SLA metrics.
- Support audit/compliance evidence requests (change records configuration snapshots
exceptions approvals).
- Drive problem management by identifying recurring issues and improving baselines
automation and documentation.
- Recommend enhancements for posture improvement: rule upgrades new protections
bot/DoS controls (if in scope).
6. Integration & Tooling (as applicable)
- Support integrations with SIEM/SOAR and ticketing tools (ServiceNow/Jira) for alert ingestion
and workflow automation.
- Monitor API-based integrations and log delivery pipelines; troubleshoot failures and
performance issues.
- Maintain tagging dashboards and operational alerts for proactive detection of
configuration/traffic anomalies.
Required Skills & Experience
- 3 years of experience in WAF / Web Security Operations / Network Security or Cybersecurity
Operations.
- Hands-on BAU support experience with Akamai WAF (Kona Site Defender and/or App & API
Protector).
- Solid understanding of HTTP/HTTPS TLS web application architectures APIs (REST) and
common attack techniques.
- Practical experience with WAF tuning: false positive reduction allowlisting custom rules and
exception governance.
- 3 years of experience in WAF / Web Security Operations / Network Security or Cybersecurity
Operations.
- Hands-on BAU support experience with Akamai WAF (Kona Site Defender and/or App & API
Protector).
- Solid understanding of HTTP/HTTPS TLS web application architectures APIs (REST) and
common attack techniques.
- Practical experience with WAF tuning: false positive reduction allowlisting custom rules and
exception governance.
- Experience with ITIL processes and ticketing/change tools (ServiceNow/Jira) and working
within SLAs.
within SLAs.
Preferred Skills
- Familiarity with Akamai Property Manager origin behaviors caching and traffic routing
basics.
- Experience with bot management and DDoS mitigations (Akamai Bot Manager / Prolexic / rate
controls) if in scope.
- Log/SIEM skills (Splunk Sentinel QRadar) for correlation and investigations.
- Scripting/automation exposure (Python/PowerShell) for reporting IOC management and
workflow automation.
- Security certifications (e.g. Security CEH) or vendor certifications; Akamai experience is a
strong plus.
- Familiarity with Akamai Property Manager origin behaviors caching and traffic routing
basics.
- Experience with bot management and DDoS mitigations (Akamai Bot Manager / Prolexic / rate
controls) if in scope.
- Log/SIEM skills (Splunk Sentinel QRadar) for correlation and investigations.
- Scripting/automation exposure (Python/PowerShell) for reporting IOC management and
workflow automation.
- Security certifications (e.g. Security CEH) or vendor certifications; Akamai experience is a
strong plus.
Behavioral / Soft Skills
- Strong troubleshooting analytical skills and attention to detail for rapid triage and accurate
tuning.
- Effective communication with application owners SOC DevOps and business stakeholders.
- Ability to work under pressure during incidents and execute changes with strong change
discipline.
- Documentation mindset to maintain runbooks and reduce repeat tickets through
standardization.
- Strong troubleshooting analytical skills and attention to detail for rapid triage and accurate
tuning.
- Effective communication with application owners SOC DevOps and business stakeholders.
- Ability to work under pressure during incidents and execute changes with strong change
discipline.
- Documentation mindset to maintain runbooks and reduce repeat tickets through
standardization.
Operational Details (Optional Include if relevant)
- Shift Model: 24x7 / 16x5 / 8x5 (as applicable)
- On-call: Rotational (as applicable)
- KPIs: SLA adherence false positive reduction time-to-mitigate uptime/availability change
success rate audit readiness
- Shift Model: 24x7 / 16x5 / 8x5 (as applicable)
- On-call: Rotational (as applicable)
- KPIs: SLA adherence false positive reduction time-to-mitigate uptime/availability change
success rate audit readiness
