Website Zelis
Job Role: WAF Engineer
Eligibility: Graduate
Experience: 2+ Years
Job Location: Hyderabad
Company Profile:
As the leading healthcare payments company, we price, pay and explain care for payers, providers, and healthcare consumers. Zelis was founded on a belief there is a better way to determine the cost of a healthcare claim, manage payment-related data, and make the payment because more affordable and transparent care is good for all of us. We partner with over 700 payers, 1.5 million providers, and millions of members — enabling the healthcare industry to pay for care, with care.
Zelis brings adaptive technology, a deeply ingrained service culture, and an integrated pre-payment through payments platform to manage the complete payment process.
Responsibilities:
- Design, implement, and manage WAF policies for web applications and APIs across environments (dev/stage/prod).
- Configure and tune managed rules and custom rules to mitigate OWASP Top 10 (SQLi, XSS, CSRF, RCE, LFI/RFI, SSRF, etc.).
- Perform rule tuning and false-positive reduction using traffic baselining, exception handling, and staged enforcement (monitor → challenge → block).
- Implement rate limiting, IP reputation, geo/ASN controls, and bot mitigation strategies to reduce abuse and credential stuffing.
- Integrate WAF logs with SIEM/log platforms (Splunk, Sentinel, ELK, QRadar) and build dashboards/alerts for threat monitoring.
- Support incident response for active attacks (L7 DDoS, exploit attempts), including rapid mitigation and post-incident improvements.
- Automate deployments using IaC (Terraform/CloudFormation/ARM/Bicep) and integrate with CI/CD pipelines.
- Conduct periodic security reviews, reporting, and metrics tracking (blocked events, top attacks, FP rate, MTTR).
- Collaborate with app teams on secure configuration (headers, TLS, authentication flows) and compatibility testing.
Join us on Telegram For More Updates: https://t.me/nareshit
To apply for this job please visit zelis.wd1.myworkdayjobs.com.