ZipRecruiter

Log In

2

Remote Waf Jobs (NOW HIRING)

Futran Tech Solutions Pvt. Ltd.

Cloud Security WAF

$49 - $65.50/hr

Cloud Security Architect WAF with Cloudflare Long Term REMOTE - Austin, TX Responsibilities Web Application Security: * Supports, Troubleshoots, configures, deploys, and maintains Web Application ...

TerraForm Power

Engineer/Senior Engineer, Firewall

$117K - $160K/yr

They are seeking a Senior Engineer for their Remote Operations Centre to design, implement, and ... Check Point). • Working knowledge of WAF technologies and web security (OWASP Top 10, TLS, mTLS ...

next page

Showing results 1-20

All JobsRemote Waf Jobs

Remote Waf information

What is a Remote WAF?

A Remote WAF, or Web Application Firewall, is a security solution that protects web applications from common cyber threats such as SQL injection, cross-site scripting (XSS), and other vulnerabilities. Unlike traditional WAFs that are installed directly on the application server, a Remote WAF is hosted offsite, often in the cloud, and works by filtering and monitoring traffic before it reaches the application. This allows businesses to secure their web applications without managing the infrastructure themselves. Remote WAFs offer flexibility, scalability, and simplified management, making them a popular choice for organizations with distributed or cloud-based applications.

How does a Remote WAF (Web Application Firewall) Engineer typically collaborate with other IT teams to maintain application security?

A Remote WAF Engineer works closely with development, operations, and security teams to ensure that web applications remain protected against threats. This often involves regular communication via virtual meetings, ticketing systems, and documentation platforms to discuss vulnerabilities, review logs, and coordinate on incident responses. The role may also include providing recommendations for secure coding practices and assisting with security patch deployments. Effective collaboration ensures timely identification and mitigation of potential risks across the application lifecycle.

What is the difference between Remote Waf vs Remote Web Application Firewall Specialist?

AspectRemote WafRemote Web Application Firewall Specialist
CertificationsTypically includes security certifications like CEH, CISSPOften requires certifications like CEH, OSCP, or vendor-specific WAF certifications
Work EnvironmentRemote, cybersecurity-focused teamsRemote, security and network-focused roles
Industry UsageUsed across various industries for web securitySpecialized role within cybersecurity teams
Job FocusImplementing and managing Web Application FirewallsConfiguring, tuning, and monitoring WAFs for security

Remote Waf refers broadly to roles involving Web Application Firewalls, while Remote Web Application Firewall Specialist is a specialized position focusing on configuring and managing WAFs. Both roles require cybersecurity knowledge, but the specialist role emphasizes hands-on management and tuning of WAF solutions.

What are the key skills and qualifications needed to thrive as a Remote Web Application Firewall (WAF) Engineer, and why are they important?

To thrive as a Remote WAF Engineer, you need a strong background in cybersecurity, network protocols, and web application security, typically supported by a degree in computer science or related certifications like CEH or CISSP. Familiarity with WAF platforms (such as AWS WAF, Imperva, or Cloudflare), scripting languages, and security monitoring tools is essential. Standout soft skills include analytical thinking, problem-solving, and effective remote communication for collaborating with distributed teams. These skills are crucial to proactively detect, mitigate, and communicate web security threats, ensuring robust protection for critical online assets.
More about Remote Waf jobs
What cities are hiring for Remote Waf jobs? Cities with the most Remote Waf job openings:
What are the most commonly searched types of Waf jobs? The most popular types of Waf jobs are:
What states have the most Remote Waf jobs? States with the most job openings for Remote Waf jobs include:
What job categories do people searching Remote Waf jobs look for? The top searched job categories for Remote Waf jobs are:
Remote Waf jobs near you
Infographic showing various Remote Waf job openings in the United States as of June 2026, with employment types broken down into 80% Full Time, and 20% Contract. Highlights an 100% Remote job distribution.
WAF Adversarial Engineer

WAF Adversarial Engineer

Software Guidance & Assistance

Seattle, WA • On-site, Remote

Other

Posted 2 days ago

Job description

Software Guidance & Assistance, Inc., (SGA), is searching for a WAF Adversarial Engineer for a contract assignment with one of our premier SaaS clients in Seattle, WA. Will also consider remote candidates residing in PST.
Responsibilities:
  • Run adversarial test campaigns against our WAF stack (Akamai, AWS WAF, Fastly, and Cloudflare) after each rule update cycle.
  • Target encoding evasion, HTTP parsing differentials between WAF and origin, request smuggling, chunked encoding manipulation, multipart boundary abuse, Unicode normalization gaps, and logic layer bypasses.
  • Build and maintain a versioned WAF bypass library, organized by vulnerability class (SQLi, XSS, SSRF, path traversal, SSTI, etc.), validated against staging and production WAF configurations, and updated as platforms and rules evolve.
  • Conduct adversarial testing of API endpoints behind the WAF, including business logic abuse, BOLA/BFLA, mass assignment, and parameter manipulation. Document explicitly which classes of attack the WAF can and cannot reliably cover.
  • Triage complex false positive investigations that cannot be resolved through log analysis alone - reproduce the ambiguous traffic from the attacker side and recommend targeted rule adjustments.
  • Produce concise validation reports that translate offensive findings into testable rule candidates the team can refine and deploy. Each deliverable is a reproducer plus a rule recommendation, not a "bypass confirmed " note.
  • Provide adversarial perspective during active edge incidents - likely attacker behavior, blind spots, next probable moves.
  • Operate as the continuous validation function for the WAF program, integrated with the team's rule update cadence rather than running standalone pentest engagements.

Required Skills:
  • Demonstrated WAF bypass experience against at least two commercial WAF platforms (Akamai, AWS WAF, Fastly, or Cloudflare).
  • Deep working knowledge of HTTP protocol edge cases that affect WAF inspection: request smuggling primitives, chunked transfer encoding abuse, multipart boundary manipulation, Unicode normalization differentials, and header injection patterns.
  • Web application penetration testing track record with WAF-specific scope. OSCP, BSCP, OSWE, or a portfolio of disclosed bypasses, conference talks, or prior validation engagements against WAF-protected assets. Tool-running alone does not qualify. - Proven ability to translate offensive findings into defensive artifacts - reproducer plus rule candidate, not just a finding.
  • Strong scripting in Python or Go for building test harnesses, payload generators, and replay tooling.
  • Comfortable working in CI/CD pipelines and cloud environments (AWS or Azure). Plug into existing infrastructure rather than build it.
  • Education: Bachelor's degree in Computer Science, Computer Engineering, Information Security, or a related technical field, or equivalent demonstrated experience.
Preferred Skills:
  • API-specific attack surface depth: GraphQL injection, BOLA/BFLA, mass assignment.
  • Akamai platform internals: KRS / ASE rule engine, custom Lua / EdgeWorkers exposure.
  • Bot evasion at the behavioral layer: headless browser fingerprinting bypass, behavioral mimicry.
  • Familiarity with edge-layer LLM/GenAI guardrails (OWASP LLM Top 10, prompt injection mitigation at the WAF tier).
  • Public security research, CVE disclosures, or conference talks demonstrating original bypass work.

SGA is a technology and resource solutions provider driven to stand out. We are a women-owned business. Our mission: to solve big IT problems with a more personal, boutique approach. Each year, we match consultants like you to more than 1,000 engagements. When we say let's work better together, we mean it. You'll join a diverse team built on these core values: customer service, employee development, and quality and integrity in everything we do. Be yourself, love what you do and find your passion at work. Please find us at .
SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, and our services, programs, and activities. Please visit our company to request an accommodation or assistance regarding our policy.

Apply