We're looking for a driven Application Security Engineer to join our kununu IT team in Porto. In this role, you'll be responsible for securing our web application and its AWS-native infrastructure, working closely with engineering and Cloud Infrastructure teams to embed security throughout the Software Development Life Cycle (SDLC). You'll help protect kununu.com, strengthen our application-security posture, and ensure secure, scalable deployments across a modern cloud stack. You'll be a key player in building trust with our users and maintaining a secure SaaS platform. Your TasksYou embed security into the CI/CD pipeline using GitHub and GitHub Actions, from build to deployment You perform secure code reviews, threat modelling, and architecture reviews for new and existing features You analyse application traffic patterns to detect and mitigate malicious bots, scraping, and automated abuse You define application-aware bot protection controls using AWS WAF and Shield, including rate limiting, anomaly detection, and custom rules You validate bot mitigation effectiveness through testing, monitoring, and continuous improvement You define and operate Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and dependency-scanning tools, including policies for third-party and open-source components You help design and maintain automated security test suites for test environments and live systems (continuous validation) You collaborate with Cloud Infrastructure teams to secure AWS workloads running on ECS (EC2 & Fargate), ALBs, Lambdas, and WAF You monitor, analyze, and respond to application-level security events using Security Hub, GuardDuty, CloudTrail, and WAF logs You lead vulnerability management for application and cloud services, including prioritization and remediation guidance You help shape kununu's application-security policies, standards, and secure design patterns You support incident response and post-incident reviews with a strong application-security focus You contribute to compliance efforts (e.g. GDPR, ISO 27001) from an application-security perspective Your SkillsStrong experience in application security, ideally for PHP-based web applications Solid understanding of web security fundamentals (OWASP Top 10, authentication, authorization, session management, input validation) Hands‐on experience with AWS security services, especially: Security Hub GuardDuty CloudTrail AWS WAF & Shield Experience securing containerized workloads on ECS (EC2 & Fargate) and understanding of ALBs and Lambdas Proven experience with SAST, DAST, and dependency‐scanning tools (e.g. Snyk, Dependabot, Trivy, OWASP ZAP, Burp) Strong understanding of secure design patterns and common application-security anti-patterns Experience defining or maintaining automated security tests for CI/CD pipelines and runtime validation Familiarity with GitHub Actions and modern DevSecOps practices Comfortable scripting or automating security workflows (e.g. Bash, Python, or similar) Strong communication skills and ability to work closely with developers and stakeholders Fluent in English (Portuguese is a plus) Mobile devices also for private use Sabbatical and part‐time options Trust‐based working hours Restaurant vouchers and employee discount Training courses and workshops Up to 12 weeks Workation The gross annual salary for this position ranges between €40,000 and €70,000, depending on qualifications and experience.#J-18808-Ljbffr