We’re looking for a driven Application Security Engineer to join our kununu IT team in Porto.
In this role, you’ll be responsible for securing our web application and its AWS-native infrastructure, working closely with engineering and Cloud Infrastructure teams to embed security throughout the Software Development Life Cycle (SDLC).
You’ll help protect kununu.com, strengthen our application-security posture, and ensure secure, scalable deployments across a modern cloud stack. You’ll be a key player in building trust with our users and maintaining a secure SaaS platform.
The gross annual salary for this position ranges between €60.000 and €75.000, depending on qualifications and experience.
Your Tasks
- You design, implement, and continuously improve application security controls for a PHP and JavaScript (NodeJS, React and NextJS) web application
- You embed security into the CI/CD pipeline using GitHub and GitHub Actions, from build to deployment
- You perform secure code reviews, threat modelling, and architecture reviews for new and existing features
- You analyse application traffic patterns to detect and mitigate malicious bots, scraping, and automated abuse
- You define application-aware bot protection controls using AWS WAF and Shield, including rate limiting, anomaly detection, and custom rules
- You validate bot mitigation effectiveness through testing, monitoring, and continuous improvement
- You define and operate Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and dependency-scanning tools, including policies for third-party and open-source components
- You help design and maintain automated security test suites for test environments and live systems (continuous validation)
- You collaborate with Cloud Infrastructure teams to secure AWS workloads running on ECS (EC2 & Fargate), ALBs, Lambdas, and WAF
- You monitor, analyse, and respond to application-level security events using Security Hub, GuardDuty, CloudTrail, and WAF logs
- You lead vulnerability management for application and cloud services, including prioritization and remediation guidance
- You help shape kununu’s application-security policies, standards, and secure design patterns
- You support incident response and post-incident reviews with a strong application-security focus
- You contribute to compliance efforts (e.g. GDPR, ISO 27001) from an application-security perspective
Your Skills
- Strong experience in application security, ideally for PHP-based web applications
- Solid understanding of web security fundamentals (OWASP Top 10, authentication, authorization, session management, input validation)
- Hands-on experience with AWS security services, especially:
  - Security Hub
  - GuardDuty
  - CloudTrail
  - AWS WAF & Shield
- Experience securing containerized workloads on ECS (EC2 & Fargate) and understanding of ALBs and Lambdas
- Proven experience with SAST, DAST, and dependency-scanning tools (e.g. Snyk, Dependabot, Trivy, OWASP ZAP, Burp)
- Strong understanding of secure design patterns and common application-security anti-patterns
- Experience defining or maintaining automated security tests for CI/CD pipelines and runtime validation
- Familiarity with GitHub Actions and modern DevSecOps practices
- Comfortable scripting or automating security workflows (e.g. Bash, Python, or similar)
- Strong communication skills and ability to work closely with developers and stakeholders
- Fluent in English (Portuguese is a plus)
Your Benefits
- Bring your dog to the office
- Up to 12 weeks Workation
- Mobile devices also for private use
- Drinks, food & goodies
- Remote work option
- Trust-based working hours
- Communication on equal terms
- Transparent, competitive salary
- Board Q&A
Your Contact
You still have questions? Feel free to get in touch with me.
Bárbara Serrano
Recruiting Manager
barbara.serrano@kununu.com