Job Description

L3 ? Web Application Firewall Lead (Cloudflare WAF) Location: Mumbai Mode: Hybrid Job Summary: ITCI Cyber Security team is looking for the role who is operational excellence and strategic configuration of Cloudflare WAF, focused on protecting public-facing web assets. The individual will ensure accurate ruleset deployment, threat intelligence tuning, and real-time attack mitigation. Additionally, the role requires extensive engagement with application owners and dev teams to fine-tune security without compromising performance. Key Responsibilities: Manage Cloudflare WAF policies and rulesets to protect financial web apps from OWASP Top 10 threats and zero-day exploits. Oversee rule tuning, false positive management, and configuration of Bot Mitigation, Rate Limiting, and DDoS Protection. Participate in vulnerability remediation cycles, ensuring virtual patching through WAF policies. Conduct monthly policy reviews, perform simulated attacks for resilience validation, and apply version updates as needed. Document all policy configurations, rationales, and threat detection results for audit and governance. Work with developers and AppSec teams to align WAF policies with application behaviour and threat models. Troubleshoot web traffic issues, SSL certificate renewals, and secure CDN operations. Provide architectural input on securing new applications and APIs through Cloudflare WAF. Support incident response activities, forensic analysis, and ensure high availability of WAF configurations. Key Skills & Certifications: 8+ years in application or network security; 3+ years Cloudflare WAF experience. Strong hands-on with OWASP, HTTP/HTTPS protocols, TLS configurations, and Cloudflare dashboards. Cloudflare Certified, CEH, or OSWE preferred. In-depth understanding of RBI and SEBI appsec controls and web access compliance.