Application Security Engineer
Svitla Systems Inc. is looking for an Application Security Engineer for a full-time position (40 hours per week) in Europe. Our client is the leading global provider of enterprise software and services that enable companies to manage and optimize their environmental, health, safety, and sustainability processes.
You'll work closely with development teams, product managers (PM), and third-party groups to ensure that products are secure. Reporting to the Director of Information Security, this role will support cloud and on-prem applications to ensure a holistic vulnerability management approach, with a specialized focus on web application firewall (WAF) policy development, tuning, and enforcement.
Overlap till 19:00 CET.
Requirements:
5+ years of experience in application security, with at least 1 year of dedicated WAF administration and policy management.
Bachelor's degree in Management Information Systems, Computer Science, Cybersecurity, or a related field.
Familiarity with common security libraries, security controls, and common security flaws.
Hands-on experience administering and tuning WAF solutions (e.g., AWS WAF, Cloudflare, Imperva, F5, Akamai, or equivalent).
Strong understanding of HTTP/S request/response lifecycle, web application attack patterns, and how WAF rule logic maps to real-world threats.
Experience writing and managing custom WAF rules, including allowlisting, rate limiting, bot management, and geo-restriction policies.
Understanding of OWASP Top 10, static/dynamic analysis, and common application security tools.
Basic background in development or scripting (Python, Bash, or similar) to support automation of WAF rule deployment and log analysis.
A solid understanding of network and web-related protocols (TCP/IP, UDP, HTTP, HTTPS, TLS).
Experience in identifying security issues through code review.
Excellent analytical skills with the ability to manage multiple projects under strict timelines in a dynamic environment.
Experience working directly with developers to remediate identified vulnerabilities.
Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics clearly and concisely.
Nice to have:
A relevant certification such as CSSLP, CEH, AWS Security Specialty, or a vendor-specific WAF certification (e.g., F5 Certified, Imperva Certified).
Experience working in Agile or DevSecOps environments.
Responsibilities:
Participate in and support application security reviews and threat modeling, including code review and dynamic testing.
Own and perform application security vulnerability management across cloud and on-premises environments.
Design, implement, tune, and maintain Web Application Firewall (WAF) policies to protect applications from threats, including injection attacks, cross-site scripting (XSS), DDoS, and OWASP Top 10 vulnerabilities.
Monitor WAF alerts and logs, analyze traffic patterns, investigate security events, and adjust policies to minimize false positives while maintaining strong protection.
Collaborate with network, infrastructure, and development teams to ensure WAF rules align with application behavior and business requirements.
Facilitate and support the preparation of security releases.
Support and consult with product and development teams on application security best practices.
Help in the creation of security training materials, including WAF policy management guidelines.
Assist in the development of automated security testing to validate that secure coding best practices are being followed.
Support dynamic and static vulnerability scanning tools.
Maintain open source software (OSS) scanning tools.
Evaluate and recommend WAF solutions and related security technologies as the application landscape evolves.
We offer:
US and EU projects based on advanced technologies.
Competitive compensation based on skills and experience.
Regular performance appraisals to support your growth.
Flexibility in workspace, either remote or our welcoming office.
Bonuses for article writing, public talks, and other activities.
Generous time off, including vacation, national holidays, sick leaves, and family days.
Personalized learning programs tailored to your interests and skill development.
Free tech webinars and meetups organized by Svitla.
Regular corporate online activities.
Awesome team and a friendly, supportive community.

Svitla Systems
Svitla Systems is a global digital solutions company with over 20 years of industry experience, presence across 15 countries, and a team of 1,000+ skilled tech experts, creators, and visionaries. We empower businesses ac...