Cyber Security Design Specialist- Cloud Security

Service Design & Ownership

• Define theWAF and DDoS security service model including scope service tiers and supported use cases

• Establish standardDDoS protection levels and WAF baseline configurationsaligned with SAP security standards and customer requirements

• Define clear service boundaries ownership and responsibilities between architecture operations incident response and platform teams

• Act as the design authority for WAF and DDoS capabilities across hyperscalers (AWS Azure GCP AliCloud)

Operational Process Definition

• Design and documentendtoend operational processes including:

• Incident intake and triage

• Zeroday and emergency WAF rule deployment

• DDoS event escalation and customer communication

• Exception handling and rule lifecycle management

• DefineRACI models runbooks and playbooksfor the operations teams

• Establish change management testing rollback and approval workflows for WAF and DDoS changes

• Ensure processes are scalable auditable and aligned with compliance requirements

  Standards Architecture & Guardrails

  • Definereference architectures and security patternsfor application exposure ingress and egress

  • Review and remediate design antipatterns (e.g. overly permissive allowlists unmanaged custom rules)

  • Set guardrails that enable rapid response while minimizing operational and customer risk

  • Drive consistency and parity across hyperscaler implementations

  Enablement of Operations Teams

  • Enable Cloud Security Operations teams with:

  • Clear documentation and operational guidance

  • Preapproved rule templates and emergency procedures

  • Welldefined escalation paths and decision frameworks

  • Support onboarding and upskilling of ops teams through knowledge transfer and walkthroughs

  • Act as escalation support for complex or highrisk scenarios (design and policy guidance only)

  Stakeholder & Customer Alignment

  • Work with security architecture platform engineering incident response and compliance teams to align requirements

  • Translate customer security requirements into actionable service capabilities

  • Support customer conversations on WAF and DDoS posture capabilities and limitations

  • Provide leadershiplevel visibility into risk coverage gaps and service maturity

Required Experience & Skills

• 57 years of experience in cloud security application security or network security

• Strong handson background withWAF and DDoS technologies(design and configuration experience required; ops execution not required)

• Deep understanding of:

• Web attack patterns and OWASP Top 10

• Layer 7 and volumetric DDoS risks

• Hyperscaler security controls and shared responsibility models

• Proven experience definingsecurity services processes and operating models

• Excellent documentation communication and stakeholdermanagement skills

• Ability to influence without direct authority and drive adoption across teams

Team:Global Cloud Operations Security

The WAF and DDoS Security Engineer will be responsible for designing implementing maintaining and operating Web Application Firewall (WAF) and Distributed Denial of Service (DDoS) protection controls across multicloud environments. The role focuses on ensuring consistent security posture rapid response to emerging threats (including zeroday events) and operational resilience across hyperscaler platforms.