Principal Engineer (Cybersecurity)

Principal Cybersecurity Engineer

Join us, and implement top-tier web protection for a global financial leader!

Kraków/Warsaw - based opportunity with hybrid work model (4/6 days per month in the office).

As a Principal Cybersecurity Engineer, you will be working for our client, a global financial institution, to enhance their Web Application Firewall (WAF) strategy. This organization operates in numerous countries and offers various services that require robust cybersecurity measures to safeguard their critical web applications. You will play a key role in optimizing WAF solutions and ensuring comprehensive protection for both internal and external web applications across multiple platforms. Your expertise will directly contribute to the safety of sensitive data and applications in a fast-paced, constantly evolving environment.

Your main responsibilities:

• Delivering Web Application and API Protection for critical applications, mainly on the Akamai platform
• Monitoring and reviewing WAF tuning requests to ensure optimal protection
• Conducting detailed log analysis to identify and mitigate false positives
• Creating and maintaining comprehensive WAF tuning documentation, policies, and configurations
• Developing, testing, and recommending tailored WAF policies and rules for specific applications
• Proactively identifying false positives and making necessary adjustments to WAF rules
• Collaborating with cross-functional teams to integrate WAF solutions seamlessly into existing security infrastructure
• Ensuring protection through Akamai, preventing direct attacks to origin servers
• Performing regular assessments and audits of WAF configurations to maintain security posture and compliance
• Staying updated on the latest web security threats and vulnerabilities to improve WAF effectiveness

You're ideal for this role if you have:

• Extensive experience in WAF management, tuning, and engineering
• Proven track record of optimizing WAF performance by identifying and mitigating false positives
• In-depth knowledge of web application security principles and techniques
• Experience in SOC or CSIRT environments with hands-on log analysis expertise
• Proficiency with log analysis tools like Splunk, Wireshark, or custom scripts
• Experience with major WAF solutions (e.g., Akamai, F5, AWS, GCP)
• Strong analytical and problem-solving skills with a keen attention to detail
• Excellent communication skills, capable of presenting complex security concepts clearly
• Competence in maintaining documentation for WAF tuning and configuration procedures
• Familiarity with automation technologies such as Python, Terraform, or JIRA automation

It is a strong plus if you have:

• Experience working in a large-scale, global financial services environment
• Knowledge of best practices in web application security and protection
• Familiarity with cloud security solutions and their integration with WAF
• Experience delivering service reviews with application owners
• A proactive, detail-oriented approach to cybersecurity challenges

We offer you:

ITDS Business Consultants is involved in many various, innovative and professional IT projects for international companies in the financial industry in Europe. We offer an environment for professional, ambitious, and driven people. The offer includes:

• Stable and long-term cooperation with very good conditions 
• Enhance your skills and develop your expertise in the financial industry
• Work on the most strategic projects available in the market
• Define your career roadmap and develop yourself in the best and fastest possible way by delivering strategic projects for different clients of ITDS over several years
• Participate in Social Events, training, and work in an international environment
• Access to attractive Medical Package
• Access to Multisport Program
• Access to Pluralsight
• Flexible hours & remote work

Internal job number #6842

You can report violations in accordance with ITDS’s Whistleblower Procedure available here.