Informacje o stanowisku

technologies-expected :

• AWS
• Microsoft Azure
• Google Cloud Platform
• Splunk

• As a Principal Application Security Engineer – Cloud Security & WAF, you will be working for our client, a major player in cybersecurity, dedicated to safeguarding web applications and cloud infrastructure across financial services. Your expertise will help shape resilient security measures, defend against advanced threats, and innovate industry standards in web application protection. This role offers an exciting career path within a global organization committed to continuous innovation.
• Unleash the future of web security — lead the charge in protecting digital realms with cutting-edge application defense!
• Krakow-based opportunity with hybrid work model (up to 3 days remote per week).
• Only candidates with an existing legal right to work in Europe will be considered for this role.

• Develop, deploy, and optimize Web Application Firewall (WAF) rules across cloud platforms such as AWS, Azure, or GCP, ensuring robust protection against Layer 7 DDoS attacks.
• Collaborate with cross-functional teams to implement security baselines and integrate central security capabilities, including SIEM and incident response systems.
• Monitor attack signatures and false positives using native cloud logging and alerting solutions; respond effectively to cyber-attacks.
• Provide guidance on web application security best practices, including reviewing signatures and assisting developers with non-compliance issues.
• Produce procedural documentation and runbooks for secure deployment and incident management related to WAF configurations.
• Participate in maintaining compliance with cybersecurity standards and industry best practices through continuous learning and knowledge sharing.
• Support migration projects for services to cloud-native security rules and facilitate the application of central security policies.

• At least 4 years of hands-on experience in application security, with a focus on WAF rule deployment and cloud-native security solutions.
• Practical experience with at least one major cloud provider (AWS, Azure, GCP) and their native WAF and DDoS protection mechanisms.
• Strong knowledge of web security, including signatures, threat mitigation, and false positive management.
• Experience in working across organizational teams to implement security configurations and respond to security incidents.
• Ability to produce clear documentation, procedural guidelines, and provide training or guidance to development teams.
• Basic certifications in cloud technologies such as AWS Certified Security – Specialty, or equivalent is a plus.
• Familiarity with logging and alerting tools like Splunk or similar.

• Stable and long-term cooperation with very good conditions
• Enhance your skills and develop your expertise in the financial industry
• Work on the most strategic projects available in the market
• Define your career roadmap and develop yourself in the best and fastest possible way by delivering strategic projects for different clients of ITDS over several years
• Participate in Social Events, training, and work in an international environment
• Access to attractive Medical Package
• Access to Multisport Program
• Access to Pluralsight
• Flexible hours

• sharing the costs of sports activities
• private medical care
• flexible working time
• fruits
• integration events
• corporate gym
• saving & investment scheme
• no dress code
• coffee / tea
• drinks
• christmas gifts
• birthday celebration
• sharing the costs of a streaming platform subscription
• access to +100 projects
• access to Pluralsight

Kraków - Oferty pracy w okolicznych lokalizacjach