Haystack
← Back to Jobs
Engineering

F5 Web Application Firewall (WAF) Engineer

Cyber 1 ArmorUnited States🇺🇸United StatesPosted 9 Jul 2026

Why This Role Stands Out

Elevate your career as an F5 WAF Engineer by designing, deploying, and automating advanced security protections for enterprise applications, offering significant growth and impact. This hybrid role is ideal for mid-senior engineers passionate about security, automation, and developing cutting-edge WAF solutions, providing a fantastic opportunity to hone your skills in a dynamic environment. Apply now to join a leading company and make a tangible difference in cybersecurity.

Quick Overview

Work Type
Hybrid
Level
Mid Senior

Job Description

F5 Web Application Firewall (WAF) Engineer
Location : Remote
contracts
The contractor will design, deploy, automate, and operationalize F5 BIG-IP Advanced WAF protections across enterprise applications, with measurable improvements in security posture, operational efficiency, policy lifecycle management, and audit-ready documentation.
2. Scope of Services
  • Design, configure, and deploy F5 BIG-IP Advanced WAF policies for web and API applications
  • Implement security protections including OWASP Top 10, Bot Defense, Behavioral DoS, Positive Security Models, and API Security
  • Develop Python automation for WAF policy deployment, log analysis, configuration drift detection, and attack correlation
  • Build automation using iControl REST, AS3, Declarative Onboarding (DO), and CI/CD pipelines
  • Develop Terraform/Ansible modules and GitOps workflows for Infrastructure as Code (IaC)
  • Create and maintain iRules and iRulesLX for custom traffic management
  • Perform WAF tuning, false-positive reduction, incident response support, and security monitoring
  • Deliver architecture documentation, operational runbooks, and knowledge transfer sessions
2.1 F5 WAF Engineering
  • Design, configure, and deploy WAF policies for web and API applications.
  • Implement protections including signature-based detection, positive security models, bot defense, behavioral DoS, and API schema enforcement.
  • Configure SSL/TLS profiles, certificates, and secure cipher suites.
  • Develop and maintain iRules and iRulesLX for custom traffic logic.
2.2 Python Automation and Tooling
  • Develop Python-based automation for policy deployment, configuration drift detection, log parsing, and attack correlation.
  • Integrate automation with iControl REST, AS3, DO, and CI/CD pipelines.
  • Build internal CLI tools or microservices to streamline WAF operations.
2.3 Infrastructure-as-Code (IaC)
  • Develop Terraform or Ansible modules for F5 deployments.
  • Convert manual configurations into AS3/DO declarative templates.
  • Implement GitOps workflows for WAF lifecycle management.
2.4 Security Operations Support
  • Perform continuous tuning to reduce false positives.
  • Conduct threat analysis, log review, and attack pattern correlation.
  • Support incident response teams during active security events.
  • Provide recommendations to improve application security posture.
2.5 Documentation and Knowledge Transfer
  • Deliver runbooks, architecture diagrams, and operational procedures.
  • Conduct training sessions for internal teams.
  • Maintain detailed change logs and configuration documentation.
3. Deliverables
3.1 Technical Deliverables
  • Enterprise WAF baseline policy package.
  • Python automation toolkit for policy lifecycle management.
  • AS3/DO declarative templates for standardized deployments.
  • CI/CD integration pipelines for automated configuration.
  • Bot mitigation and DoS protection configurations.
  • API security enforcement profiles.
3.2 Documentation Deliverables
  • Architecture diagrams and deployment models.
  • Operational runbooks for WAF and automation workflows.
  • Weekly or bi-weekly status reports.
  • Final project summary and knowledge-transfer documentation.
4. Contractor Qualifications
4.1 Required Technical Skills
  • 5+ years of experience with F5 BIG-IP, including LTM and ASM/Advanced WAF.
  • Strong Python 3.x development skills.
  • Experience with iControl REST, iRules, iRulesLX, AS3, DO, and TS.
  • Deep understanding of OWASP Top 10, API Top 10, HTTP/HTTPS, and TLS/SSL.
  • Experience integrating WAF controls into CI/CD pipelines.
  • Familiarity with Terraform, Ansible, or similar IaC tools.
4.2 Preferred Skills
  • F5 certifications such as F5-CA or F5-CTS.
  • Experience in regulated industries such as financial services or healthcare.
  • Experience with cloud WAF capabilities across AWS, Azure, or Google Cloud Platform.
4.3 Professional Skills
  • Strong communication and documentation capabilities.
  • Ability to work independently with minimal supervision.
  • Demonstrated cross-functional collaboration experience.

Similar jobs