VARITE is seeking a WAF Adversarial Engineer to run adversarial test campaigns, build and maintain a WAF bypass library, and conduct adversarial testing of API endpoints. The ideal candidate has demonstrated WAF bypass experience, deep knowledge of HTTP protocol edge cases, and strong scripting skills in Python or Go.
Job Description
VARITE is looking for a qualified WAF Adversarial Engineer.
WHAT THE CLIENT DOES?
An American computer software company that offers a wide range of programs from web design tools, photo manipulation and vector creation, through video/audio editing, mobile app development, print layout and animation software.
WHAT WE DO?
Established in the Year 2000, VARITE is an award-winning minority business enterprise providing global consulting & staffing services to Fortune 1000 companies and government agencies. With 850+ global consultants, VARITE is committed to delivering excellence to its customers by leveraging its global experience and expertise in providing comprehensive scientific, engineering, technical, and non-technical staff augmentation and talent acquisition services.
Job Title: WAF Adversarial Engineer
Location: Seattle preferred, open to remote
Contract Duration: 12 months (Possible Extension)
Pay Rate Range: $65.00/hr. to $70.42/hr.
Work Authorization: Only USC or GC
HERE’S WHAT YOU’LL DO
Duties:
- Run adversarial test campaigns against Client's WAF stack (Akamai, AWS WAF, Fastly, and Cloudflare) after each rule update cycle.
- Target encoding evasion, HTTP parsing differentials between WAF and origin, request smuggling, chunked encoding manipulation, multipart boundary abuse, Unicode normalization gaps, and logic layer bypasses.
- Build and maintain a versioned WAF bypass library, organized by vulnerability class (SQLi, XSS, SSRF, path traversal, SSTI, etc.), validated against staging and production WAF configurations, and updated as platforms and rules evolve.
- Conduct adversarial testing of API endpoints behind the WAF, including business logic abuse, BOLA/BFLA, mass assignment, and parameter manipulation. Document explicitly which classes of attack the WAF can and cannot reliably cover.
- Triage complex false positive investigations that cannot be resolved through log analysis alone — reproduce the ambiguous traffic from the attacker side and recommend targeted rule adjustments.
- Produce concise validation reports that translate offensive findings into testable rule candidates the team can refine and deploy. Each deliverable is a reproducer plus a rule recommendation, not a "bypass confirmed" note.
- Provide adversarial perspective during active edge incidents — likely attacker behavior, blind spots, next probable moves.
- Operate as the continuous validation function for the WAF program, integrated with the team's rule update cadence rather than running standalone pentest engagements.
Technical Skills Required:
- Demonstrated WAF bypass experience against at least two commercial WAF platforms (Akamai, AWS WAF, Fastly, or Cloudflare).
- Deep working knowledge of HTTP protocol edge cases that affect WAF inspection: request smuggling primitives, chunked transfer encoding abuse, multipart boundary manipulation, Unicode normalization differentials, and header injection patterns.
- Web application penetration testing track record with WAF-specific scope. OSCP, BSCP, OSWE, or a portfolio of disclosed bypasses, conference talks, or prior validation engagements against WAF-protected assets. Tool-running alone does not qualify.
- Proven ability to translate offensive findings into defensive artifacts — reproducer plus rule candidate, not just a finding.
- Strong scripting in Python or Go for building test harnesses, payload generators, and replay tooling.
- Comfortable working in CI/CD pipelines and cloud environments (AWS or Azure). Plug into existing infrastructure rather than build it.
Nice to Have:
- API-specific attack surface depth: GraphQL injection, BOLA/BFLA, mass assignment.
- Akamai platform internals: KRS / ASE rule engine, custom Lua / EdgeWorkers exposure.
- Bot evasion at the behavioral layer: headless browser fingerprinting bypass, behavioral mimicry.
- Familiarity with edge-layer LLM/GenAI guardrails (OWASP LLM Top 10, prompt injection mitigation at the WAF tier).
- Public security research, CVE disclosures, or conference talks demonstrating original bypass work.
Education:
- Bachelor's degree in Computer Science, Computer Engineering, Information Security, or a related technical field, or equivalent demonstrated experience.
BENEFITS:
We offer a comprehensive benefits package designed to support the health, well-being, and financial security of our employees and their families. Eligible employees may receive:
- Health Insurance: Medical, dental, and vision coverage
- Retirement Plans: Participation in a company-sponsored retirement savings plan.
- Legal Service Plans: Offering access to attorneys for legal advice and representation.
If this opportunity interests you, please respond by clicking on EasyApply.
Know someone who would be perfect for this role? Refer to us and if they are hired, you could be eligible for our employee referral bonus! Help us grow our team with top talent from your network.
VARITE is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.