Perimeter Security Engineer

WAF Perimeter Security Engineer

The WAF Perimeter Security Engineer is a critical technical role responsible for securing Warner Bros. Discovery’s global edge infrastructure through advanced WAF and DDoS protections. This candidate will be considered a hands‑on expert in WAF security, with proficient experience in traffic analysis, rule customization, and threat mitigation. Ideal candidates will have the following expectations: proactively design and tune WAF policies to defend against evolving threats, collaborate with product and engineering teams to embed security into edge services and APIs, and respond to real‑time attacks with precision and agility.

This role requires a strong understanding of web application architectures, application behavior, and the threat landscape, along with the ability to translate complex security requirements into scalable, effective solutions.

• Implement, configure, and maintain enterprise‑grade WAF and DDoS protections across a large portfolio of properties.
• Develop and fine‑tune custom firewall rules, bot mitigation controls, and DDoS mitigation security policies.
• Perform log analysis to identify malicious traffic patterns, false positives, and opportunities for tuning.
• Contribute to automation efforts (infrastructure as code, CI/CD integrations, scripts) to deploy and maintain security configurations.
• Identify security vulnerabilities and guide developers and engineers in addressing these issues.
• Participate in on‑call rotation as a subject matter expert for WAF/DDoS incident response.
• Partner with product, engineering, and operations teams to integrate WAF/Edge security controls into applications and services.
• Research and stay current on the latest attack vectors, vulnerabilities, and exploits affecting web and API applications.
• Recommend and implement improvements to strengthen defenses across the edge/perimeter layer.

• 3+ years of experience working with, configuring, and maintaining web application firewalls (WAF), including troubleshooting, rule development and deployment.
• Knowledge of web application attack techniques and common vulnerabilities (e.g. OWASP Top 10).
• Detailed understanding of the threats faced directly to consumer and digital platform organizations.
• Proven expertise with at least one major WAF platform (Akamai, Fastly NGWAF, AWS WAF, Azure, or similar).
• Familiarity with log analysis tools, scripting (Python, Bash, Power Shell), and automation frameworks.
• Proven hands‑on experience engineering across one of the various Cloud Providers (AWS, GCP, Azure).
• Strong problem‑solving skills with the ability to quickly analyze issues and implement effective mitigations.
• Excellent collaboration and communication skills across security, engineering, and product teams.

• Security certifications – CISSP, CISM, CISA, SANS, etc. (preferred).
• Amazon certifications – Solutions Architecture Associate, Cloud Practitioner.
• Experience with infrastructure‑as‑code (Terraform, Cloud Formation) for WAF/DDoS deployment.
• Familiarity with CDN integrations and API Security frameworks.
• Exposure to DDoS mitigation at scale, including volumetric and application‑layer attacks.

In compliance with local law, we disclose the compensation, or a range thereof, for roles in locations where legally required. Base pay is a component of Warner Bros. Discovery’s total compensation package. Pay range: $91,000.00 – $ per year. Other rewards may include annual bonuses, short‑ and long‑term incentives, and program‑specific awards. Additional benefits include health insurance coverage, employee wellness program, life and disability insurance, retirement savings plan, paid holidays and sick time, and vacation.

Warner Bros. Discovery embraces the opportunity to build a workforce that reflects a wide array of perspectives, backgrounds and experiences. Being an equal opportunity employer means that we take seriously our responsibility to consider qualified candidates on the basis of merit, without regard to race, color, religion, national origin, gender, sexual orientation, gender identity or expression, age, mental or physical disability, genetic information, marital status, citizenship status, military status, protected veteran status or any other category protected by law.