Cloud Security / DevOps Engineer for Custom Traffic Verification Layer

We are looking for a Cloud Security / DevOps Engineer to help design and implement a custom traffic verification layer in front of web applications and landing pages.

The goal is to build a controlled request-filtering architecture using Cloudflare Workers, Cloudflare WAF, Google Cloud Armor, Load Balancer, Cloud Run / Cloud Functions, external risk APIs, logging, and custom decision logic.

This is a project-based / part-time role to start with an architecture audit, proof of concept, and production implementation plan.

Main Goal

We need to build a system where incoming HTTP traffic passes through multiple verification layers before reaching the backend:

1. Standard WAF, rate limiting, and bot protection rules.
2. Custom checks based on IP, ASN, GEO, headers, user-agent, path, query parameters, cookies, and session data.
3. Optional request to an external risk / fingerprint / scoring API.
4. Decision logic: allow / block / challenge / rate-limit / route / log-only.
5. Logging and analytics for traffic quality, requests, decisions, and block reasons.

The system will be used for:

• bot filtering;
• anti-fraud;
• traffic quality control;
• abuse prevention;
• custom WAF extension;
• request routing;
• security monitoring.

Responsibilities

Cloudflare Side

• Configure Cloudflare WAF, Firewall Rules, Rate Limiting, and Bot Protection.
• Build custom logic using Cloudflare Workers.
• Integrate Workers with external APIs via fetch.
• Work with request headers, cookies, IP, GEO, ASN, user-agent, referer, path, and query parameters.
• Integrate Turnstile or challenge flows if needed.
• Implement allow/block/challenge/route decision logic.
• Add logging and monitoring.
• Design safe fail-open / fail-closed behavior if an external API is unavailable.
• Optimize latency and reliability.

Google Cloud Side

• Configure Google Cloud Load Balancer.
• Configure Cloud Armor security policies.
• Write custom rules using CEL.
• Integrate reCAPTCHA Enterprise / challenge flow if needed.
• Design middleware logic using Cloud Run / Cloud Functions.
• Optionally design Service Extensions / callout architecture.
• Route traffic to different backends depending on verification results.
• Set up logging in Cloud Logging / BigQuery / external analytics.

Expected Deliverables

• Architecture diagram of the request flow.
• List of collected request signals.
• Decision matrix: what gets allowed, blocked, challenged, routed, or logged.
• Cloudflare Worker proof of concept.
• Google Cloud middleware / Cloud Armor proof of concept.
• Documentation for setup and rule management.
• Logging and basic analytics.
• Recommendations for production scaling, reliability, and security.

Must-Have Experience

• Cloudflare Workers.
• Cloudflare WAF / Rules / Rate Limiting / Turnstile.
• Google Cloud Load Balancer.
• Google Cloud Armor.
• Cloud Run / Cloud Functions.
• JavaScript / TypeScript for edge or middleware logic.
• HTTP, headers, cookies, redirects, TLS, DNS.
• Reverse proxy / middleware / request filtering.
• External API integrations.
• Bot protection, traffic quality, anti-fraud, or abuse prevention.
• Security best practices.
• Reliable failover and production-ready architecture.

Nice to Have

• reCAPTCHA Enterprise.
• Fingerprinting / risk scoring / device intelligence.
• Experience with DataDome, Fingerprint, HUMAN / PerimeterX, Akamai, Kasada, or similar tools.
• BigQuery, ClickHouse, Elasticsearch, Grafana, or similar logging/analytics stack.
• High-load HTTP traffic experience.
• Terraform / Infrastructure as Code.
• Docker / Kubernetes.
• Node.js / FastAPI backend experience.
• Experience in fintech, affiliate, adtech, anti-fraud, security, or traffic quality.