WAF & Application Security SME
Kapelanka 42, Kraków
ITDS
Join us, and protect critical applications from evolving cyber threats!
Kraków-based opportunity with a hybrid work model (6 days/month in the office).
As a WAF & Application Security SME, you will be working for our client, a leading global financial institution strengthening its web and API security posture. You will be designing, tuning, and optimizing Web Application Firewall (WAF) rules, conducting log analysis, and integrating security testing into automated pipelines. Acting as a subject matter expert, you will advise on threat mitigation, support DevSecOps initiatives, and collaborate with cross-functional teams to ensure WAF solutions align with business requirements and industry best practices. You will play a critical role in enhancing the organization’s cybersecurity resilience and protecting critical applications.
Your main responsibilities:
Crafting and tuning custom WAF rules and security features
Conducting log analysis to identify false positives and optimize performance
Developing and testing WAF policies for specific applications and environments
Integrating WAF testing into automated DevSecOps pipelines
Providing SME guidance on web and API attack methodologies and mitigation
Monitoring, reviewing, and approving WAF tuning requests
Maintaining comprehensive documentation of WAF procedures, configurations, and policies
Performing regular assessments and audits of WAF configurations for compliance
Collaborating with cross-functional teams to integrate WAF solutions
Staying updated on emerging threats, vulnerabilities, and security trends
You're ideal for this role if you have:
Extensive experience in WAF management, tuning, and engineering
Strong understanding of web application security principles
Proven experience in identifying and mitigating false positives
Hands-on experience in SOC, CSIRT, AppSec, or ethical hacking
Proficiency with log analysis tools such as Splunk or Wireshark
Experience with at least three major WAF solutions (e.g., Akamai, F5, AWS, GCP)
Strong analytical and problem-solving skills with attention to detail
Excellent communication skills for technical and non-technical stakeholders
Experience developing and recommending tailored WAF policies and rules
Ability to collaborate with cross-functional teams for seamless WAF integration
It is a strong plus if you have:
Experience maintaining comprehensive WAF documentation and procedures
Competence in aligning WAF configurations with best practices and compliance standards
Proactive, detail-oriented approach in fast-paced, dynamic environments
We offer you:
ITDS Business Consultants is involved in a wide variety of innovative and professional IT projects for international companies in the financial industry in Europe. We offer an environment for professional, ambitious and driven people. The offer includes:
Stable and long-term cooperation with very good conditions
Enhance your skills and develop your expertise in the financial industry
Work on the most strategic projects available in the market
Define your career roadmap and develop yourself in the best and fastest possible way by delivering strategic projects for different clients of ITDS over several years
Participation in Social Events, training, and work in an international environment
Access to an attractive Medical Package
Access to Multisport Program
#GETREADY
Internal job ID #7826
You can report violations in accordance with ITDS’s Whistleblower Procedure available here.