Application Security Engineer (m/f/d)
kununu Austria GmbH ● Vienna, 23 Feb. 2026
Full-time – Professional experience
Remote work share up to 50%
Salary: 60.000 – 75.000 EUR (gross per year)
Your tasks
* You design, implement, and continuously improve application security controls for a PHP and JavaScript (NodeJS, React and NextJS) web application
* You embed security into the CI/CD pipeline using GitHub and GitHub Actions, from build to deployment
* You perform secure code reviews, threat modelling, and architecture reviews for new and existing features
* You analyse application traffic patterns to detect and mitigate malicious bots, scraping, and automated abuse
* You define application-aware bot protection controls using AWS WAF and Shield, including rate limiting, anomaly detection, and custom rules
* You validate bot mitigation effectiveness through testing, monitoring, and continuous improvement
* You define and operate Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and dependency-scanning tools, including policies for third-party and open-source components
* You help design and maintain automated security test suites for test environments and live systems (continuous validation)
* You collaborate with Cloud Infrastructure teams to secure AWS workloads running on ECS (EC2 & Fargate), ALBs, Lambdas, and WAF
* You monitor, analyze, and respond to application-level security events using Security Hub, GuardDuty, CloudTrail, and WAF logs
* You lead vulnerability management for application and cloud services, including prioritization and remediation guidance
* You help shape kununu's application-security policies, standards, and secure design patterns
* You support incident response and post-incident reviews with a strong application-security focus
* You contribute to compliance efforts (e.g. GDPR, ISO 27001) from an application-security perspective
What you bring:
* Strong experience in application security, ideally for PHP-based web applications
* Solid understanding of web security fundamentals (OWASP Top 10, authentication, authorization, session management, input validation)
* Hands-on experience with AWS security services, especially:
  * Security Hub
  * GuardDuty
  * CloudTrail
  * AWS WAF & Shield
* Experience securing containerized workloads on ECS (EC2 & Fargate) and understanding of ALBs and Lambdas
* Proven experience with SAST, DAST, and dependency-scanning tools (e.g. Snyk, Dependabot, Trivy, OWASP ZAP, Burp)
* Strong understanding of secure design patterns and common application-security anti-patterns
* Experience defining or maintaining automated security tests for CI/CD pipelines and runtime validation
* Familiarity with GitHub Actions and modern DevSecOps practices
* Comfortable scripting or automating security workflows (e.g. Bash, Python, or similar)
* Strong communication skills and ability to work closely with developers and stakeholders
* Fluent in English (Portuguese is a plus)
About the job
Salary range: 60.000EUR - 75.000EUR
We're looking for a driven Application Security Engineer to join our kununu IT team in Porto.
In this role, you'll be responsible for securing our web application and its AWS-native infrastructure, working closely with engineering and Cloud Infrastructure teams to embed security throughout the Software Development Life Cycle (SDLC).
You'll help protect kununu.com, strengthen our application-security posture, and ensure secure, scalable deployments across a modern cloud stack. You'll be a key player in building trust with our users and maintaining a secure SaaS platform.
Your benefits
* Mobile devices, also for private use
* Drinks, Food & Goodies
* Sabbatical and part-time
* Flexible home office
* Restaurant tickets and employee discounts
* Informal first-name culture with communication on equal terms
* Market-rate and transparent salary
* Hackweeks
* Office dogs
* Workation
Your new employer
With over 15 million authentic reviews on employers, company culture, and salaries, we aim to continuously improve the working world together with our community.
We believe that every person - whether actively looking for a job or simply interested in improving their working life - should be able to give and receive accurate and honest insights about companies and jobs before they start them on day one.
We believe in empowering people to choose the right job.
We believe in relevant insights into the day-to-day of a job.
Contact
You still have questions?
Feel free to get in touch with me.
Bárbara Serrano
Contact person for this job posting:
Name: Bárbara Serrano
Phone: +43 660 584117
Technical requirements
Operating systems, platforms
- ECS (advanced knowledge)
Programming languages, frameworks, databases
- JavaScript (advanced knowledge)
- NextJS (advanced knowledge)
- NodeJS (advanced knowledge)
- OWASP ZAP (advanced knowledge)
- PHP (advanced knowledge)
- React (advanced knowledge)
- Snyk (advanced knowledge)
Applications, DevOps
- AWS Shield (advanced knowledge)
- AWS WAF (advanced knowledge)
- Burp (advanced knowledge)
- CloudTrail (advanced knowledge)
- DAST (advanced knowledge)
- Dependabot (advanced knowledge)
- EC2 (advanced knowledge)
- Fargate (advanced knowledge)
- GitHub (advanced knowledge)
- GitHub Actions (advanced knowledge)
- GuardDuty (advanced knowledge)
- SAST (advanced knowledge)
- Security Hub (advanced knowledge)
- Trivy (advanced knowledge)
This role requires solid knowledge of application security and experience with relevant technologies.
Other requirements
Position level
Professional experience
Educational qualifications
n/a
Language skills
Fluent in English (Portuguese is an advantage)
Travel
n/a
Customer contact required
n/a
Further requirements
n/a
Monetary
Salary: 60.000 – 75.000 EUR (gross per year)
Profit sharing in the company: n/a
Bonus payments: n/a
Overtime is paid out: n/a
Benefits in kind
Company car: n/a
Own parking space: n/a
Electric vehicle charging: n/a
Own notebook: Yes
Own smartphone: Yes
Employee discounts: Yes
Annual pass for city public transport: n/a
Mobile devices, also for private use; employee discounts.
Working time arrangements
Flexible working hours: Yes
Flextime: n/a
Little / no overtime: n/a
Trust-based working hours: n/a
Sabbatical arrangement: Yes
Flexible home office, sabbatical and part-time possible.
Food and drinks
Lunch vouchers: Yes
Free snacks: n/a
Free fruit: n/a
Free drinks: Yes
Own canteen: n/a
Mobile devices, also for private use; Drinks, Food & Goodies; restaurant tickets and employee discounts.
Development of the site / the company
With over 15 million authentic reviews on employers, company culture, and salaries, we aim to continuously improve the working world together with our community.

