.
WAF & Application Security SME
  • Kraków
WAF & Application Security SME
Kraków, Kraków, Lesser Poland Voivodeship, Polska
Mindbox S.A.
1. 10. 2025
Informacje o stanowisku

technologies-optional :


  • Akamai
  • F5
  • AWS
  • Google Cloud Platform
  • Splunk
  • Wireshark

about-project :


  • Join a team of experts responsible for elevating the security of web applications at one of the world’s largest financial organizations. As a WAF & Application Security SME, you will play a key role in designing, testing, and implementing advanced Web Application Firewall (WAF) solutions, as well as enhancing the security posture of internet and internal applications and APIs.

responsibilities :


  • Identify and craft complex custom WAF rules and features to mitigate security gaps.
  • Design and execute efficacy testing for baseline and custom rules, integrating tests into CI/CD automation pipelines.
  • Provide SME support for security testing, WAF Proofs of Concept, new features, and solutions.
  • Analyze logs, detect and mitigate false positives, and optimize WAF rules for accuracy and performance.
  • Document WAF tuning procedures, policies, and configurations.
  • Collaborate with DevSecOps, engineering, SOC/CSIRT, and other technical teams.
  • Conduct regular audits and assessments of WAF configurations for compliance with best practices and industry standards.
  • Stay up-to-date with the latest web security threats and trends.
  • Proactively identify and address threats and false positives.
  • Support seamless integration of WAF solutions into existing security infrastructure.

requirements-expected :


  • Several years of experience in WAF management, tuning, and engineering (e.g., Akamai, F5, AWS, GCP – at least 3 solutions).
  • Strong understanding of web application security principles and hands-on experience in SOC/CSIRT, AppSec, or Ethical Hacking.
  • Proficiency in log analysis (e.g., Splunk, Wireshark, custom scripts).
  • Ability to develop, test, and recommend WAF policies and rules tailored to various applications and environments.
  • Experience working with DevSecOps teams and integrating security solutions.
  • Competence in maintaining comprehensive documentation for WAF procedures and configurations.
  • Proactive, detail-oriented, and able to thrive in a dynamic environment.
  • Excellent communication skills – able to articulate technical concepts to both technical and non-technical stakeholders.
  • Up-to-date knowledge of web security threats and trends.

offered :


  • Work in an international environment on innovative cybersecurity projects.
  • Opportunities for professional growth and collaboration with experts from around the world.
  • Remote or hybrid work model.
  • Participation in projects with global impact and high organizational visibility.

benefits :


  • sharing the costs of sports activities
  • private medical care
  • sharing the costs of professional training & courses
  • life insurance

  • Praca Kraków
  • Chief security officer Kraków

    • Kraków - Oferty pracy w okolicznych lokalizacjach

    Odpowiedz na ogłoszenie
    Praca Kraków - Ciekawe oferty pracy w okolicy:
    SME - Mainframe (IBMz) Core Enterprise Platform Security
    • Kraków
      HSBC Service Delivery (Polska) Sp. z o.o.
    Application Packaging Knowledge SME (Managed Workplace) with German
    Application / Product Security Engineer
    Application Support Analyst
    Principal SME – Proxy and Remote Access Security
    • Kraków
      HSBC Service Delivery (Polska) Sp. z o.o.
    WAF Security / DevOps Engineer
    Principal SME Network Segmentation (Security)
    • Kraków
      HSBC Service Delivery (Polska) Sp. z o.o.
    Application Product Security Engineer
    SME General Ledger
    128 524
    24 025