Cloud Network Security Senior Engineer (WAF and DDoS Focus) Timișoara

Cloud Network Security Senior Engineer (WAF and DDoS Focus)
Timişoara
Timișoara, Timiș, Romania

We help the world run better

At SAP, we enable you to bring out your best. Our company culture is focused on collaboration and a shared passion to help the world run better. How? We focus every day on building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and is aligned to our
- driven and
- focused work. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from.

The Role:

As a Cloud Network Security Engineer with deep focus on Web Application Firewall (WAF) rule tuning, DDo
S mitigation, and
- native
-
- code, you will play a critical role in designing, implementing, and maintaining robust cloud perimeter and workload protection strategies. You will own the continuous improvement of WAF rule sets, Network Security Groups (NSGs), security policies, DDo
S detection and mitigation strategies, and threat detection logic—all delivered and maintained as code.

Key Responsibilities

Cloud WAF Design & Tuning

• Define and implement WAF strategies using native services (e. g. , AWS WAF, Azure WAF, Google Cloud Armor).
• Conduct detailed analysis and tuning of WAF rules to reduce false positives while maintaining strong protections against OWASP Top 10 threats and custom application vulnerabilities.
• Collaborate with application security and Dev
  Sec
  Ops teams to align WAF configurations with business logic and risk profiles.

DDo
S Detection, Mitigation & Validation

• Develop and continuously improve DDo
  S prevention and mitigation strategies across cloud platforms and network layers (L3, L4, L7).
• Monitor DDo
  S metrics and anomalies, validate mitigation effectiveness, and
  - tune thresholds and countermeasures to balance security and legitimate traffic.
• Collaborate with SOC and threat intelligence teams to investigate and respond to DDo
  S incidents, perform
  - attack analysis, and produce mitigation reports.

Security Policy-as-Code

• Implement and manage cloud network and security controls as code using tools such as Terraform, AWS CDK, Azure Bicep, or Pulumi.
• Maintain and audit security group, firewall, routing, and DDo
  S protection policies across AWS, Azure, and GCP for consistency and compliance.
• Automate the deployment, validation, and rollback of security policies within CI/CD pipelines.

Monitoring, Visibility & Threat Detection

• Work closely with security operations and observability teams to ensure that WAF and DDo
  S logs, alerts, and security policy changes are captured, structured, and integrated into SIEM platforms (e. g. , Splunk, ELK).
• Analyze WAF/network logs and DDo
  S telemetry to identify patterns of abuse, misconfiguration, or performance degradation.

Security Governance & Compliance

• Define standards and templates for cloud firewall, WAF, and DDo
  S configurations to meet internal security baselines and external compliance requirements (e. g. , ISO 27001, SOC 2, GDPR).
• Participate in security reviews, audits, and risk assessments related to cloud networking, application ingress security, and DDo
  S defenses.

Collaboration & Support

• Partner with application owners, cloud engineers, and Dev
  Ops teams to provide
  -
  - default network access and DDo
  S-resilient designs.
• Provide L2/L3 support for escalated security incidents, change requests, or false positives related to WAF and DDo
  S protections.

What You Bring

• Bachelor's degree in Computer Science, Cybersecurity, or related field.
• 5+ years of experience in cloud security engineering or network security roles.
• Expert-level
  - on experience with
  - native WAF solutions: AWS WAF, Azure WAF, Google Cloud Armor.
• Deep understanding of WAF rule tuning, threat signatures, regex patterns, anomaly detection, and DDo
  S attack vectors and mitigation techniques.
• Proficient in network security configurations including NSGs, firewalls, VPC/Subnet security, and
  - trust principles.
• Experience with Infrastructure-as-Code and Policy-as-Code using Terraform, AWS CDK, Bicep, or equivalent.
• Solid scripting skills (Python, Bash, etc. ) for automation, custom tooling, and DDo
  S mitigation orchestration.
• Familiarity with Dev
  Sec
  Ops practices and integrating security controls into CI/CD pipelines.
• Experience with
  - cloud environments (AWS, Azure, GCP) and hybrid networks.

Bonus Points

• Cloud certifications (e. g. , AWS Security Specialty, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer).
• Experience with security frameworks like MITRE ATT&CK, CIS Benchmarks, and NIST 800-53.
• Knowledge of API security testing and DDo
  S mitigation strategies.
• Experience working with SIEM platforms and log analytics for WAF incident detection.
• Contributions to
  - source security tools or WAF rule sets.

Why Join Us

• Be a part of a
  - class cloud security engineering team shaping the security of critical infrastructure.
• Solve complex problems in a
  - scale,
  - cloud enterprise environment.
• Drive meaningful impact on the resilience and trustworthiness of
  - critical applications

About SAP Enterprise Cloud Services:
SAP Enterprise Cloud Services provides
- critical cloud solutions to our global customers, ensuring high availability, performance, and security. We are building the next generation of cloud infrastructure and operations, emphasizing automated,
- touch, and secure cloud environments.

 ​Bring out your best

SAP innovations help more than four hundred thousand customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in
-
- end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with two hundred million users and more than one hundred thousand employees worldwide, we are
- driven and
- focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves.  At SAP,  you can bring out your best.

We win with inclusion

SAP’s culture of inclusion, focus on health and
- being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world.
SAP is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to the values of Equal Employment Opportunity and provide accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an
- mail with your request to Recruiting Operations Team: Careers@sap.com
For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program, according to the eligibility rules set in the SAP Referral Policy. Specific conditions may apply for roles in Vocational Training.

EOE AA M/F/Vet/Disability:

Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, age, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability.
Successful candidates might be required to undergo a background verification with an external vendor.

Requisition ID: 432439  | Work Area: Information Technology  | Expected Travel: 0 - 10%  | Career Status: Professional  | Employment Type: Regular Full Time   | Additional Locations: #LI-Hybrid.