CDN (WAF) Engineer

We are seeking an experienced CDN & WAF Engineer to help build, harden, and scale our CDN and Web
Application Firewall (WAF) product. You will be responsible for implementing new features,
optimizing performance, and improving security controls across our edge stack. This role
requires deep hands-on expertise in Nginx/OpenResty, Lua, C/FFI module development, eBPF,
Linux networking and infrastructure-as-code tooling.

Responsibilities
• Design, implement and ship features and improvements for our CDN and WAF edge
stack.
• Develop and maintain Lua code running in Nginx/OpenResty and build high-
performance C modules or FFI bindings where needed.
• Implement packet- and kernel-level observability or filtering using eBPF (including
XDP/eBPF tracing for telemetry and enforcement).
• Tune and troubleshoot high-volume Nginx deployments for latency, throughput and
memory usage.
• Define, author and maintain WAF rule logic, request/response inspection and mitigation
workflows.
• Build automation for deployment and configuration using Infrastructure-as-Code
(Ansible, Puppet, Terraform, or similar).
• Work with networking protocols and operational requirements of a CDN: BGP, anycast,
TCP/IP stack, load balancing, connection handling.
• Create and run performance/load tests, fuzzing and security tests; profile and optimize
hotspots.
• Produce clear design documentation, runbooks, and hand over completed work to
operations. Participate in code reviews and mentor engineers.
• Collaborate with product, security and SRE teams to align feature work with product
goals and SLAs.

Required Qualifications
• 5+ years of production experience in Linux systems engineering, networked services or
edge infrastructure.
• Strong hands-on experience with Nginx and Lua (ngx_lua/OpenResty) including writing
Lua modules for request processing.
• Familiarity or experience building native C modules or FFI bindings used by Nginx/Lua;
comfortable with libc, POSIX APIs and building/packaging C extensions.
• Practical experience with eBPF (tools, BCC/libbpf, XDP) for telemetry, filtering or
tracing.
• Deep knowledge of networking and TCP/IP internals, load balancing, and CDN
operational patterns. Familiarity with BGP and anycast is a plus.
• Experience with Web application firewall, either appliance, service or software and its
capabilities.
• Solid Linux kernel and userland troubleshooting skills: perf, tcpdump/wireshark, strace,
systemtap.
• Experience with Infrastructure-as-Code and configuration management (Ansible, Puppet,
Chef, Terraform or similar).
• Experience deploying and maintaining WAF rulesets and policies; understanding of
OWASP top risks and typical web attack patterns.
• Experience with testing and benchmarking tools (wrk, ab, locust, etc.) and CI/CD
pipelines.
• Excellent communication skills; able to work independently and collaborate effectively
with distributed teams.

Preferred / Nice-to-have
• Prior experience building or operating CDNs or edge platforms.
• Familiarity with web security tooling/modsecurity or other WAF platforms.
• Experience with container workflows and edge deployment (Docker, HashiCorp Nomad).
• Exposure to cloud providers’ networking (AWS/GCP/Azure) and hybrid edge
deployments.
• Familiarity with observability stacks: Prometheus, Grafana, ELK/EFK.
• Experience cross-compiling or packaging modules for multiple Linux distributions.
• Experience programming in Lua and C, with familiarity using LuaJIT and the Lua FFI
for native, high-performance integrations.

Engagement Details
• Contractor position; term length: 1 year with possible extension based on outcomes.
• 100% remote. Some overlap (4–6 hours) with US timezones (EST/CST/MST/PST) or
Brazil (BRT) preferred for meetings.
• This position requires participation in an on-call rotation for high-severity and customer-
impacting incidents; availability for urgent response within agreed SLAs is expected.
• Competitive hourly/day rate dependent on experience.

Social package & benefits:

- Full medical insurance 
- MacBook & accessories
- English lessons

- Accountant assistance

- Minimal bureaucracy, synergy, and formalities, primarily focusing on effective communication