We are looking for a Cloud Security / DevOps Engineer to help design and implement a custom traffic verification layer in front of web applications and landing pages.
The goal is to build a controlled request-filtering architecture using Cloudflare Workers, Cloudflare WAF, Google Cloud Armor, Load Balancer, Cloud Run / Cloud Functions, external risk APIs, logging, and custom decision logic.
This is a project-based / part-time role that starts with an architecture audit, a proof of concept, and a production implementation plan.
Main Goal
We need to build a system where incoming HTTP traffic passes through multiple verification layers before reaching the backend:
- Standard WAF, rate limiting, and bot protection rules.
- Custom checks based on IP, ASN, GEO, headers, user-agent, path, query parameters, cookies, and session data.
- Optional request to an external risk / fingerprint / scoring API.
- Decision logic: allow / block / challenge / rate-limit / route / log-only.
- Logging and analytics for traffic quality, requests, decisions, and block reasons.
The system will be used for:
- bot filtering;
- anti-fraud;
- traffic quality control;
- abuse prevention;
- custom WAF extension;
- request routing;
- security monitoring.
Responsibilities
Cloudflare Side
- Configure Cloudflare WAF, Firewall Rules, Rate Limiting, and Bot Protection.
- Build custom logic using Cloudflare Workers.
- Integrate Workers with external APIs via fetch.
- Work with request headers, cookies, IP, GEO, ASN, user-agent, referer, path, and query parameters.
- Integrate Turnstile or challenge flows if needed.
- Implement allow/block/challenge/route decision logic.
- Add logging and monitoring.
- Design safe fail-open / fail-closed behavior if an external API is unavailable.
- Optimize latency and reliability.
Google Cloud Side
- Configure Google Cloud Load Balancer.
- Configure Cloud Armor security policies.
- Write custom rules using CEL.
- Integrate reCAPTCHA Enterprise / challenge flow if needed.
- Design middleware logic using Cloud Run / Cloud Functions.
- Optionally design Service Extensions / callout architecture.
- Route traffic to different backends depending on verification results.
- Set up logging in Cloud Logging / BigQuery / external analytics.
Expected Deliverables
- Architecture diagram of the request flow.
- List of collected request signals.
- Decision matrix: what gets allowed, blocked, challenged, routed, or logged.
- Cloudflare Worker proof of concept.
- Google Cloud middleware / Cloud Armor proof of concept.
- Documentation for setup and rule management.
- Logging and basic analytics.
- Recommendations for production scaling, reliability, and security.
Must-Have Experience
- Cloudflare Workers.
- Cloudflare WAF / Rules / Rate Limiting / Turnstile.
- Google Cloud Load Balancer.
- Google Cloud Armor.
- Cloud Run / Cloud Functions.
- JavaScript / TypeScript for edge or middleware logic.
- HTTP, headers, cookies, redirects, TLS, DNS.
- Reverse proxy / middleware / request filtering.
- External API integrations.
- Bot protection, traffic quality, anti-fraud, or abuse prevention.
- Security best practices.
- Reliable failover and production-ready architecture.
Nice to Have
- reCAPTCHA Enterprise.
- Fingerprinting / risk scoring / device intelligence.
- Experience with DataDome, Fingerprint, HUMAN / PerimeterX, Akamai, Kasada, or similar tools.
- BigQuery, ClickHouse, Elasticsearch, Grafana, or similar logging/analytics stack.
- High-load HTTP traffic experience.
- Terraform / Infrastructure as Code.
- Docker / Kubernetes.
- Node.js / FastAPI backend experience.
- Experience in fintech, affiliate, adtech, anti-fraud, security, or traffic quality.