L3 – Web Application Firewall Lead (Cloudflare WAF)   
Location: Mumbai  
Mode: Hybrid  
Job Summary:  
The ITCI Cyber Security team is looking for a lead responsible for the operational excellence and strategic configuration of Cloudflare WAF, focused on protecting public-facing web assets.
The individual will ensure accurate ruleset deployment, threat intelligence tuning, and real-time attack mitigation.
Additionally, the role requires extensive engagement with application owners and dev teams to fine-tune security without compromising performance.
Key Responsibilities:  
- Manage Cloudflare WAF policies and rulesets to protect financial web apps from OWASP Top 10 threats and zero-day exploits.
- Oversee rule tuning, false positive management, and configuration of Bot Mitigation, Rate Limiting, and DDoS Protection.
- Participate in vulnerability remediation cycles, ensuring virtual patching through WAF policies.
- Conduct monthly policy reviews, perform simulated attacks for resilience validation, and apply version updates as needed.
- Document all policy configurations, rationales, and threat detection results for audit and governance.
- Work with developers and AppSec teams to align WAF policies with application behaviour and threat models.
- Troubleshoot web traffic issues, SSL certificate renewals, and secure CDN operations.
- Provide architectural input on securing new applications and APIs through Cloudflare WAF.
- Support incident response activities and forensic analysis, and ensure high availability of WAF configurations.

 
 
Key Skills & Certifications:  
- 8+ years in application or network security; 3+ years of Cloudflare WAF experience.
- Strong hands-on experience with OWASP, HTTP/HTTPS protocols, TLS configurations, and Cloudflare dashboards.
- Cloudflare Certified, CEH, or OSWE preferred.
- In-depth understanding of RBI and SEBI appsec controls and web access compliance.