Senior Web Application Firewall (WAF) Engineer

Senior Engineer WAF

About Us 

Zelis is modernizing the healthcare financial experience in the United States (U.S.) across payers, providers, and healthcare consumers. We serve more than 750 payers, including the top five national health plans, regional health plans, TPAs and millions of healthcare providers and consumers across our platform of solutions. Zelis sees across the system to identify, optimize, and solve problems holistically with technology built by healthcare experts – driving real, measurable results for clients.

Why We Do What We Do 

In the U.S., consumers, payers, and providers face significant challenges throughout the healthcare financial journey. Zelis helps streamline the process by offering solutions that improve transparency, efficiency, and communication among all parties involved. By addressing the obstacles that patients face in accessing care, navigating the intricacies of insurance claims, and the logistical challenges healthcare providers encounter with processing payments, Zelis aims to create a more seamless and effective healthcare financial system.

Zelis India plays a crucial role in this mission by supporting various initiatives that enhance the healthcare financial experience. The local team contributes to the development and implementation of innovative solutions, ensuring that technology and processes are optimized for efficiency and effectiveness. Beyond operational expertise, Zelis India cultivates a collaborative work culture, leadership development, and global exposure, creating a dynamic environment for professional growth. With hybrid work flexibility, comprehensive healthcare benefits, financial wellness programs, and cultural celebrations, we foster a holistic workplace experience. Additionally, the team plays a vital role in maintaining high standards of service delivery and contributes to Zelis’ award-winning culture. 

Position Overview

We are seeking a Senior WAF Engineer with 5–7+ years of experience in securing web applications and APIs using Web Application Firewalls (WAF) and edge security controls. The ideal candidate will have at least 3+ years of hands-on experience with Imperva (preferred) or Cloudflare.
In this role, you will be responsible for the design, implementation, and optimization of WAF policies, including rule tuning, deployment automation, and real-time response to security threats such as OWASP Top 10 vulnerabilities, bot attacks, and Layer 7 DDoS incidents.
You will collaborate closely with DevOps, SRE, and application development teams to enhance security posture while ensuring minimal false positives and maintaining optimal application performance.

Key Responsibilities

• Design, implement, and manage WAF policies for web applications and APIs across environments (dev/stage/prod).

• Configure and tune managed rules and custom rules to mitigate OWASP Top 10 (SQLi, XSS, CSRF, RCE, LFI/RFI, SSRF, etc.).

• Perform rule tuning and false-positive reduction using traffic baselining, exception handling, and staged enforcement (monitor → challenge → block).

• Implement rate limiting, IP reputation, geo/ASN controls, and bot mitigation strategies to reduce abuse and credential stuffing.

• Integrate WAF logs with SIEM/log platforms (Splunk, Sentinel, ELK, QRadar) and build dashboards/alerts for threat monitoring.

• Support incident response for active attacks (L7 DDoS, exploit attempts), including rapid mitigation and post-incident improvements.

• Automate deployments using IaC (Terraform/CloudFormation/ARM/Bicep) and integrate with CI/CD pipelines.

• Conduct periodic security reviews, reporting, and metrics tracking (blocked events, top attacks, FP rate, MTTR).

• Collaborate with app teams on secure configuration (headers, TLS, authentication flows) and compatibility testing.

• Demonstrated experience in automation using PowerShell or Python to integrate with Imperva APIs for scalable WAF policy deployment, configuration management, and operational efficiency.

Required Qualifications

• 7+ years experience in WAF engineering and Implementation.

• Hands-on experience with at least one WAF platform:  Imperva(preferred), Akamai, ModSecurity, AWS WAF, Azure WAF, Cloudflare, F5 ASM/Advanced WAF,

• Strong understanding of HTTP/HTTPS, web app architecture, REST APIs, and common attack patterns.

• Proven experience tuning WAF rules and balancing security vs. false positives.

• Experience with logging/monitoring and SIEM integrations.

• Scripting/automation skills: Powershell/Python/Bash (plus regex and JSON/YAML).

• Familiarity with CI/CD and Infrastructure-as-Code principles.

• Good troubleshooting and stakeholder communication skills.

Preferred Qualifications

• Experience with bot management and advanced detection techniques (behavioral, fingerprinting where supported).

• Experience with API gateways and API security controls (schema validation, auth hardening).

• Working knowledge of cloud networking/CDN/reverse proxy concepts.

• Security certifications: AWS Security Specialty, Azure Security Engineer, CCSP, CEH, Security+ (nice to have).

Tools & Technologies

WAF (AWS/Azure/Cloudflare/F5/Imperva), CDN, TLS, SIEM (Splunk/Sentinel), Terraform, CI/CD (Jenkins/GitHub Actions/Azure DevOps), Python, Linux, Git.

Commitment to Diversity, Equity, Inclusion, and Belonging

At Zelis, we champion diversity, equity, inclusion, and belonging in all aspects of our operations. We embrace the power of diversity and create an environment where people can bring their authentic and best selves to work. We know that a sense of belonging is key not only to your success at Zelis, but also to your ability to bring your best each day.

Equal Employment Opportunity

Zelis is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Accessibility Support

We are dedicated to ensuring our application process is accessible to all candidates. If you are a qualified individual with a disability and require reasonable accommodation with any part of the application and/or interview process, please email talentacquisition@zelis.com.

Experience Level

Senior Level