Application Security Engineer

• You design, implement, and continuously improve application security controls for a PHP and JavaScript (NodeJS, React and NextJS) web application
• You embed security into the CI/CD pipeline using GitHub and GitHub Actions, from build to deployment
• You perform secure code reviews, threat modelling, and architecture reviews for new and existing features
• You analyse application traffic patterns to detect and mitigate malicious bots, scraping, and automated abuse
• You define application-aware bot protection controls using AWS WAF and Shield, including rate limiting, anomaly detection, and custom rules
• You validate bot mitigation effectiveness through testing, monitoring, and continuous improvement
• You define and operate Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and dependency-scanning tools, including policies for third-party and open-source components
• You help design and maintain automated security test suites for test environments and live systems (continuous validation)
• You collaborate with Cloud Infrastructure teams to secure AWS workloads running on ECS (EC2 & Fargate), ALBs, Lambdas, and WAF
• You monitor, analyze, and respond to application-level security events using Security Hub, GuardDuty, CloudTrail, and WAF logs
• You lead vulnerability management for application and cloud services, including prioritization and remediation guidance
• You help shape kununu's application-security policies, standards, and secure design patterns
• You support incident response and post-incident reviews with a strong application-security focus
• You contribute to compliance efforts (e.g. GDPR, ISO 27001) from an application-security perspective, We're looking for a driven Application Security Engineer to join our kununu IT team in Porto. In this role, you'll be responsible for securing our web application and its AWS-native infrastructure, working closely with engineering and Cloud Infrastructure teams to embed security throughout the Software Development Life Cycle (SDLC).

You'll help protect kununu.com, strengthen our application-security posture, and ensure secure, scalable deployments across a modern cloud stack. You'll be a key player in building trust with our users and maintaining a secure SaaS platform. #kununujob

• Strong experience in application security, ideally for PHP-based web applications
• Solid understanding of web security fundamentals (OWASP Top 10, authentication, authorization, session management, input validation)
• Hands-on experience with AWS security services, especially:
• Security Hub
• GuardDuty
• CloudTrail
• AWS WAF & Shield
• Experience securing containerized workloads on ECS (EC2 & Fargate) and understanding of ALBs and Lambdas
• Proven experience with SAST, DAST, and dependency-scanning tools (e.g. Snyk, Dependabot, Trivy, OWASP ZAP, Burp)
• Strong understanding of secure design patterns and common application-security anti-patterns
• Experience defining or maintaining automated security tests for CI/CD pipelines and runtime validation
• Familiarity with GitHub Actions and modern DevSecOps practices
• Comfortable scripting or automating security workflows (e.g. Bash, Python, or similar)
• Strong communication skills and ability to work closely with developers and stakeholders
• Fluent in English (Portuguese is a plus)