Principal Cybersecurity Engineer

Join us, and implement top-tier web protection for a global financial leader!

Kraków/Warsaw – based opportunity with hybrid work model (6 days/month in the office).

As a Principal Cybersecurity Engineer, you will be working for our client, a global financial institution, to enhance their Web Application Firewall (WAF) strategy. This organization operates in numerous countries and offers various services that require robust cybersecurity measures to safeguard their critical web applications. You will play a key role in optimizing WAF solutions and ensuring comprehensive protection for both internal and external web applications across multiple platforms. Your expertise will directly contribute to the safety of sensitive data and applications in a fast-paced, constantly evolving environment.

Your main responsibilities: Delivering Web Application and API Protection for critical applications, mainly on the Akamai platform

• Monitoring and reviewing WAF tuning requests to ensure optimal protection
• Conducting detailed log analysis to identify and mitigate false positives
• Creating and maintaining comprehensive WAF tuning documentation, policies, and configurations
• Developing, testing, and recommending tailored WAF policies and rules for specific applications
• Proactively identifying false positives and making necessary adjustments to WAF rules
• Collaborating with cross-functional teams to integrate WAF solutions seamlessly into existing security infrastructure
• Ensuring protection through Akamai, preventing direct attacks to origin servers
• Performing regular assessments and audits of WAF configurations to maintain security posture and compliance
• Staying updated on the latest web security threats and vulnerabilities to improve WAF effectiveness

You’re ideal for this role if you have:

• Extensive experience in WAF management, tuning, and engineering
• Proven track record of optimizing WAF performance by identifying and mitigating false positives
• In-depth knowledge of web application security principles and techniques
• Experience in SOC or CSIRT environments with hands-on log analysis expertise
• Proficiency with log analysis tools like Splunk, Wireshark, or custom scripts
• Experience with major WAF solutions (e.g., Akamai, F5, AWS, GCP)
• Strong analytical and problem-solving skills with a keen attention to detail
• Excellent communication skills, capable of presenting complex security concepts clearly
• Competence in maintaining documentation for WAF tuning and configuration procedures
• Familiarity with automation technologies such as Python, Terraform, or JIRA automation

It is a strong plus if you have:

• Experience working in a large-scale, global financial services environment
• Knowledge of best practices in web application security and protection
• Familiarity with cloud security solutions and their integration with WAF
• Experience delivering service reviews with application owners
• A proactive, detail-oriented approach to cybersecurity challenges

#GETREADY  to meet with us!

We would like to meet you. If you are interested please apply and attach your CV in English or Polish, including a statement that you agree to our processing and storing of your personal data. You can always also apply by sending us an email at recruitment@itds.pl.

Internal number #6842