Your biggest challenge is going to be getting the senior dev to step back from his public assertion to others that Cloudflare can't work "except with Enterprise which is too expensive".
As others have pointed out, he's simply wrong - there's significant protection available in the free version. And it's 15 or 20 mins to set up even for someone not directly experienced in CF's interface, so there's essentially zero barrier to entry to at least test it.
But senior devs HATE taking advice like this from SEOs in the first place, much less being pushed to walk back their original claims.
So you're going to need a plan for getting the dev onside to reconsider this solution.
Sidenote: in my experience, one of the root causes for devs (especially Microsoft devs) to toss out Cloudflare solutions is because of their training/innate desire to maintain full control of their DNS. And there _are_ some sophisticated network DNS configurations that are a challenge to integrate with Cloudflare.
So the first thing to do is confirm with him/her that there are no legit showstopping reasons why Cloudflare couldn't be used to manage the DNS for the site in question.
Sidenote 2: There is an *account-wide* WAF functionality in CF that is only available in Enterprise. It's possible, if the dev doesn't have direct experience in Cloudflare, that they've seen this stipulation and not realised there are still many site-specific options available in the free version - including built-in bot blocking and AI bot blocking as one-click options.