About Us

Zelis is modernizing the healthcare financial experience in the United States (U.S.) across payers, providers, and healthcare consumers. We serve more than 750 payers, including the top five national health plans, regional health plans, TPAs and millions of healthcare providers and consumers across our platform of solutions. Zelis sees across the system to identify, optimize, and solve problems holistically with technology built by healthcare experts – driving real, measurable results for clients.

Why We Do What We Do

In the U.S., consumers, payers, and providers face significant challenges throughout the healthcare financial journey. Zelis helps streamline the process by offering solutions that improve transparency, efficiency, and communication among all parties involved. By addressing the obstacles that patients face in accessing care, navigating the intricacies of insurance claims, and the logistical challenges healthcare providers encounter with processing payments, Zelis aims to create a more seamless and effective healthcare financial system.

Zelis India plays a crucial role in this mission by supporting various initiatives that enhance the healthcare financial experience. The local team contributes to the development and implementation of innovative solutions, ensuring that technology and processes are optimized for efficiency and effectiveness. Beyond operational expertise, Zelis India cultivates a collaborative work culture, leadership development, and global exposure, creating a dynamic environment for professional growth. With hybrid work flexibility, comprehensive healthcare benefits, financial wellness programs, and cultural celebrations, we foster a holistic workplace experience. Additionally, the team plays a vital role in maintaining high standards of service delivery and contributes to Zelis’ award-winning culture.

Position Overview

AF Engineer with 5+ years of experience securing web applications and APIs using Web Application Firewalls and edge security controls. You will own WAF policy design, tuning, deployment automation, and operational response to attacks (OWASP Top 10, bot abuse, L7 DDoS). You’ll partner closely with DevOps/SRE and application teams to improve protection while minimizing false positives and performance impact.

Zelis is one of the leading healthcare technology Product organizations with $1.4 Billion revenue with year-on-year growth of 22% and client retention rate of 120%. we offer wide range of innovative solutions to the healthcare payers, providers, and consumers. Our services include network analytics, payment integrity and optimization, provider credentialing, and provider engagement.

Zelis is an US based Software Product development organization founded in 1995 with a headcount 2400+ talented professionals working in 7 offices in US and 1 global capacity center located in Hyderabad, India.

URL: https://www.zelis.com

WAF ENGINEER

Job Summary

We are looking for a WAF Engineer with 5+ years of experience securing web applications and APIs using Web Application Firewalls and edge security controls. You will own WAF policy design, tuning, deployment automation, and operational response to attacks (OWASP Top 10, bot abuse, L7 DDoS). You’ll partner closely with DevOps/SRE and application teams to improve protection while minimizing false positives and performance impact.

Key Responsibilities

Design, implement, and manage WAF policies for web applications and APIs across environments (dev/stage/prod).

Configure and tune managed rules and custom rules to mitigate OWASP Top 10 (SQLi, XSS, CSRF, RCE, LFI/RFI, SSRF, etc.).

Perform rule tuning and false-positive reduction using traffic baselining, exception handling, and staged enforcement (monitor → challenge → block).

Implement rate limiting, IP reputation, geo/ASN controls, and bot mitigation strategies to reduce abuse and credential stuffing.

Integrate WAF logs with SIEM/log platforms (Splunk, Sentinel, ELK, QRadar) and build dashboards/alerts for threat monitoring.

Support incident response for active attacks (L7 DDoS, exploit attempts), including rapid mitigation and post-incident improvements.

Automate deployments using IaC (Terraform/CloudFormation/ARM/Bicep) and integrate with CI/CD pipelines.

Conduct periodic security reviews, reporting, and metrics tracking (blocked events, top attacks, FP rate, MTTR).

Collaborate with app teams on secure configuration (headers, TLS, authentication flows) and compatibility testing.

Required Qualifications

5+ years experience in WAF engineering / application security / edge security.

Hands-on experience with at least one WAF platform: AWS WAF, Azure WAF, Cloudflare, F5 ASM/Advanced WAF, Imperva, Akamai, ModSecurity (any one or more).

Strong understanding of HTTP/HTTPS, web app architecture, REST APIs, and common attack patterns.

Proven experience tuning WAF rules and balancing security vs. false positives.

Experience with logging/monitoring and SIEM integrations.

Scripting/automation skills: Powershell/Python/Bash (plus regex and JSON/YAML).

Familiarity with CI/CD and Infrastructure-as-Code principles.

Good troubleshooting and stakeholder communication skills.

Preferred Qualifications

Experience with bot management and advanced detection techniques (behavioral, fingerprinting where supported).

Experience with API gateways and API security controls (schema validation, auth hardening).

Working knowledge of cloud networking/CDN/reverse proxy concepts.

Security certifications: AWS Security Specialty, Azure Security Engineer, CCSP, CEH, Security+ (nice to have).

Tools & Technologies

WAF (AWS/Azure/Cloudflare/F5/Imperva), CDN, TLS, SIEM (Splunk/Sentinel), Terraform, CI/CD (Jenkins/GitHub Actions/Azure DevOps), Python, Linux, Git.

Commitment to Diversity, Equity, Inclusion, and Belonging

At Zelis, we champion diversity, equity, inclusion, and belonging in all aspects of our operations. We embrace the power of diversity and create an environment where people can bring their authentic and best selves to work. We know that a sense of belonging is key not only to your success at Zelis, but also to your ability to bring your best each day.

Equal Employment Opportunity

Zelis is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Accessibility Support

We are dedicated to ensuring our application process is accessible to all candidates. If you are a qualified individual with a disability and require reasonable accommodation with any part of the application and/or interview process, please email talentacquisition@zelis.com.