What are the responsibilities and job description for the WAF Adversarial Engineer position at VARITE INC?
VARITE is looking for qualified WAF Adversarial Engineer
WHAT THE CLIENT DOES?
An American computer software company that offers a wide range of programs from web design tools, photo manipulation and vector creation, through video/audio editing, mobile app development, print layout and animation software.
WHAT WE DO?
Established in the Year 2000, VARITE is an award-winning minority business enterprise providing global consulting & staffing services to Fortune 1000 companies and government agencies. With 850 global consultants, VARITE is committed to delivering excellence to its customers by leveraging its global experience and expertise in providing comprehensive scientific, engineering, technical, and non-technical staff augmentation and talent acquisition services.
Job Title: WAF Adversarial Engineer
Location: Seattle preferred, open to remote
Contract Duration: 12 months (Possible Extension)
Pay Rate Range: $65.00/hr. to $70.42/hr.
Work Authorization: Only USC or GC
HERE’S WHAT YOU’LL DO
Duties:
- Run adversarial test campaigns against Client's WAF stack (Akamai, AWS WAF, Fastly, and Cloudflare) after each rule update cycle.
- Target encoding evasion, HTTP parsing differentials between WAF and origin, request smuggling, chunked encoding manipulation, multipart boundary abuse, Unicode normalization gaps, and logic layer bypasses.
- Build and maintain a versioned WAF bypass library, organized by vulnerability class (SQLi, XSS, SSRF, path traversal, SSTI, etc.), validated against staging and production WAF configurations, and updated as platforms and rules evolve.
- Conduct adversarial testing of API endpoints behind the WAF, including business logic abuse, BOLA/BFLA, mass assignment, and parameter manipulation. Document explicitly which classes of attack the WAF can and cannot reliably cover.
- Triage complex false positive investigations that cannot be resolved through log analysis alone — reproduce the ambiguous traffic from the attacker side and recommend targeted rule adjustments.
- Produce concise validation reports that translate offensive findings into testable rule candidates the team can refine and deploy. Each deliverable is a reproducer plus a rule recommendation, not a "bypass confirmed " note.
- Provide adversarial perspective during active edge incidents — likely attacker behavior, blind spots, next probable moves.
- Operate as the continuous validation function for the WAF program, integrated with the team's rule update cadence rather than running standalone pentest engagements.
- Demonstrated WAF bypass experience against at least two commercial WAF platforms (Akamai, AWS WAF, Fastly, or Cloudflare).
- Deep working knowledge of HTTP protocol edge cases that affect WAF inspection: request smuggling primitives, chunked transfer encoding abuse, multipart boundary manipulation, Unicode normalization differentials, and header injection patterns.
- Web application penetration testing track record with WAF-specific scope. OSCP, BSCP, OSWE, or a portfolio of disclosed bypasses, conference talks, or prior validation engagements against WAF-protected assets. Tool-running alone does not qualify. - Proven ability to translate offensive findings into defensive artifacts — reproducer plus rule candidate, not just a finding.
- Strong scripting in Python or Go for building test harnesses, payload generators, and replay tooling.
- Comfortable working in CI/CD pipelines and cloud environments (AWS or Azure). Plug into existing infrastructure rather than build it.
- API-specific attack surface depth: GraphQL injection, BOLA/BFLA, mass assignment.
- Akamai platform internals: KRS / ASE rule engine, custom Lua / EdgeWorkers exposure.
- Bot evasion at the behavioral layer: headless browser fingerprinting bypass, behavioral mimicry.
- Familiarity with edge-layer LLM/GenAI guardrails (OWASP LLM Top 10, prompt injection mitigation at the WAF tier).
- Public security research, CVE disclosures, or conference talks demonstrating original bypass work.
Education:
- Bachelor's degree in Computer Science, Computer Engineering, Information Security, or a related technical field, or equivalent demonstrated experience.
BENEFITS:
We offer a comprehensive benefits package designed to support the health, well-being, and financial security of our employees and their families. Eligible employees may receive:
- Health Insurance: Medical, dental, and vision coverage
- Retirement Plans: Participation in a company-sponsored retirement savings plan.
- Legal Service Plans: Offering access to attorneys for legal advice and representation.
If this opportunity interests you, please respond by clicking on EasyApply.
Know someone who would be perfect for this role? Refer to us and if they are hired, you could be eligible for our employee referral bonus! Help us grow our team with top talent from your network.
VARITE is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Salary : $65 - $70