DevOps Engineer working in an agile team at Swisscom. Focusing on development, automation, and integration of customised solutions in cloud environments.
About the role
- WAF Engineer securing web applications and APIs for healthcare technology. Collaborating with DevOps/SRE teams to enhance security while minimizing performance impact.
Responsibilities
- Design, implement, and manage WAF policies for web applications and APIs across environments (dev/stage/prod)
- Configure and tune managed rules and custom rules to mitigate OWASP Top 10 (SQLi, XSS, CSRF, RCE, LFI/RFI, SSRF, etc.)
- Perform rule tuning and false-positive reduction using traffic baselining, exception handling, and staged enforcement (monitor → challenge → block)
- Implement rate limiting, IP reputation, geo/ASN controls, and bot mitigation strategies to reduce abuse and credential stuffing
- Integrate WAF logs with SIEM/log platforms (Splunk, Sentinel, ELK, QRadar) and build dashboards/alerts for threat monitoring
- Support incident response for active attacks (L7 DDoS, exploit attempts), including rapid mitigation and post-incident improvements
- Automate deployments using IaC (Terraform/CloudFormation/ARM/Bicep) and integrate with CI/CD pipelines
- Conduct periodic security reviews, reporting, and metrics tracking (blocked events, top attacks, FP rate, MTTR)
- Collaborate with app teams on secure configuration (headers, TLS, authentication flows) and compatibility testing
Requirements
- 5+ years experience in WAF engineering / application security / edge security
- Hands-on experience with at least one WAF platform: AWS WAF, Azure WAF, Cloudflare, F5 ASM/Advanced WAF, Imperva, Akamai, ModSecurity (any one or more)
- Strong understanding of HTTP/HTTPS, web app architecture, REST APIs, and common attack patterns
- Proven experience tuning WAF rules and balancing security vs. false positives
- Experience with logging/monitoring and SIEM integrations
- Scripting/automation skills: Powershell/Python/Bash (plus regex and JSON/YAML)
- Familiarity with CI/CD and Infrastructure-as-Code principles
- Good troubleshooting and stakeholder communication skills.
Benefits
- hybrid work flexibility
- comprehensive healthcare benefits
- financial wellness programs
- cultural celebrations
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Tech skills
Location requirements
Applied AI Engineer deploying AI - enabled solutions for enterprise customers while collaborating with teams. Involves direct customer interaction and technical project execution.
Engineer specializing in building automation in hybrid work environment at sic architekten gmbh. Contributing to sustainable and functional building projects in Köln.
EHS and Quality Engineer responsible for compliance with Primetals Quality and EHS programs. Joining a leading partner in engineering and lifecycle services for the metal industry.
Project Engineer managing technically demanding national and international large - scale projects. Involvement from first inquiry to execution with a global presence in construction technology.
Dual Fuel Smart Meter Engineer installing smart meters in domestic properties for Utilita. Championing customer first mindset and industry leading Customer Experience while collaborating with internal teams.
Dual Fuel Smart Meter Engineer responsible for installing smart meters in domestic properties at Utilita. Championing customer experience and collaborating with technical support teams.
Provide customer support through installation and servicing of linear accelerators at Varian. Involves extensive travel and technical support of imaging systems and equipment.
Jr. NPI Engineer supporting product and process implementation at Establishment Labs, a rapidly growing medical device company. Collaborating across departments to ensure high - quality operations compliance.
Engineer I providing technical engineering support for electrical trades at Rosendin. Assisting in design and consultation under supervision while developing engineering skills and competencies.