Web Application Firewall Engineer

Web Application Firewall (WAF) Engineer

About Us

 

CDK Global is a leading provider of cloud-based software to dealerships and Original Equipment Manufacturers (“OEMs”) across automotive and related industries. The Company’s cloud-based, software as a service (“SaaS”) platform enables dealerships to manage their end-to-end business operations including the acquisition, sale, financing, insuring, repair, and maintenance of vehicles. By automating and streamlining critical workflows, the integrated platform of modern solutions enables dealers to sell and service more vehicles by creating simple and convenient experiences for customers and improves their financial and operational performance.

Position Summary

The Web Application Firewall (WAF) Engineer is a specialized security engineering role responsible for designing, implementing, and operating web application protection controls across CDK’s cloud and on‑premises environments. This role focuses on safeguarding customer and internet facing web applications from modern threats such as OWASP Top 10 risks, bot abuse, and API attacks. The WAF Engineer partners with Application, Cloud, and Infrastructure teams to embed scalable, resilient, and automated web security controls aligned with zero trust and enterprise risk management objectives.

Responsibilities

·         Design, deploy, and manage Web Application Firewall (WAF) solutions protecting internet-facing web applications

·         Configure, tune, and maintain WAF policies to mitigate OWASP Top 10 vulnerabilities, bot attacks, and application-layer threats

·         Operate WAF platforms across cloud and hybrid environments, including integration with CDNs, load balancers, and ingress services

·         Partner with Application and DevOps teams to embed WAF controls into CI/CD pipelines and application delivery workflow

·         Analyze WAF alerts and logs to identify attack patterns, reduce false positives, and improve detection efficacy

·         Support API security use cases including rate limiting, schema validation, and abuse prevention

·         Implement WAF rule lifecycle management processes including testing, promotion, and rollback

·         Drive automation of WAF configuration and deployment using infrastructure as code and APIs

·         Participate in incident response related to web application attacks, including containment and root cause analysis

·         Document WAF standards, reference architectures, and operational procedures

Qualifications

·         Bachelor’s Degree in Computer Science, Information Security, or equivalent combination of education and relevant experience

·         5+ years of experience in application or network security engineering roles

·         Hands-on experience operating Web Application Firewalls in enterprise or SaaS environments

·         Strong understanding of web application architecture, HTTP/S, REST APIs, and common attack techniques

·         Experience mitigating OWASP Top 10 vulnerabilities and application-layer threats

·         Working knowledge of cloud platforms (AWS, Azure, or GCP) and cloud-native application delivery services

·         Ability to analyze security logs, tune detection logic, and balance security controls with application availability

·         Strong collaboration skills and experience working with development and platform teams

Preferred Qualifications

·         Experience with leading WAF platforms such as Cloudflare, Akamai, AWS WAF, Azure WAF, F5, or similar technologies

·         Background securing APIs and microservices architectures, including API gateways and service meshes

·         Experience integrating WAF controls into DevSecOps and CI/CD pipelines

·         Knowledge of bot management, DDoS mitigation, and edge security services

·         Experience supporting compliance-driven environments and participating in security assessments

·         Relevant certifications such as GWAPT, CSSLP, CISSP, or vendor-specific WAF and cloud security certifications

 

At CDK, we believe inclusion and diversity are essential in inspiring meaningful connections to our people, customers and communities. We are open, curious and encourage different views, so that everyone can be their best selves and make an impact.

CDK is an Equal Opportunity Employer committed to creating an inclusive workforce where everyone is valued. Qualified applicants will receive consideration for employment without regard to race, color, creed, ancestry, national origin, gender, sexual orientation, gender identity, gender expression, marital status, creed or religion, age, disability (including pregnancy), results of genetic testing, service in the military, veteran status or any other category protected by law.

Applicants for employment in the US must be authorized to work in the US.  CDK may offer employer visa sponsorship to applicants.

Experience Level

Senior Level