Application Security Engineer

About

YellowIpe

Our mission is to inspire the connection between technology and people, we foster the best of our professionals through our expertise in finding and attracting the best talent for the best projects.

The Focus on People, Collaboration and Commitment are the pillars that guide us in this trajectory.

Join the yellow team as our new Application Security Engineer!

Role:

We’re looking for a driven Application Security Engineer.

In this role, you’ll be responsible for securing our web application and its AWS-native infrastructure, working closely with engineering and Cloud Infrastructure teams to embed security throughout the Software Development Life Cycle (SDLC).

Responsibilities:

You design, implement, and continuously improve application security controls for a PHP and JavaScript (NodeJS, React and NextJS) web application

You embed security into the CI/CD pipeline using GitHub and GitHub Actions, from build to deployment

You perform secure code reviews, threat modelling, and architecture reviews for new and existing features

You analyse application traffic patterns to detect and mitigate malicious bots, scraping, and automated abuse

You define application-aware bot protection controls using AWS WAF and Shield, including rate limiting, anomaly detection, and custom rules

You validate bot mitigation effectiveness through testing, monitoring, and continuous improvement

You define and operate Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and dependency-scanning tools, including policies for third-party and open-source components

You help design and maintain automated security test suites for test environments and live systems (continuous validation)

You collaborate with Cloud Infrastructure teams to secure AWS workloads running on ECS (EC2 & Fargate), ALBs, Lambdas, and WAF

You monitor, analyze, and respond to application-level security events using Security Hub, GuardDuty, CloudTrail, and WAF logs

You lead vulnerability management for application and cloud services, including prioritization and remediation guidance

You help shape our application-security policies, standards, and secure design patterns

You support incident response and post-incident reviews with a strong application-security focus

You contribute to compliance efforts (e.g.

GDPR, ISO 27001) from an application-security perspective

Requirements:

Strong experience in application security, ideally for PHP-based web applications

Solid understanding of web security fundamentals (OWASP Top 10, authentication, authorization, session management, input validation)

Hands-on experience with AWS security services, especially: Security Hub, GuardDuty, CloudTrail, AWS WAF & Shield.

Experience securing containerized workloads on ECS (EC2 & Fargate) and understanding of ALBs and Lambdas

Proven experience with SAST, DAST, and dependency-scanning tools (e.g.

Snyk, Dependabot, Trivy, OWASP ZAP, Burp)

Strong understanding of secure design patterns and common application-security anti-patterns

Experience defining or maintaining automated security tests for CI/CD pipelines and runtime validation

Familiarity with GitHub Actions and modern DevSecOps practices

Comfortable scripting or automating security workflows (e.g.

Bash, Python, or similar)

Strong communication skills and ability to work closely with developers and stakeholders

Fluent in English (Portuguese is a plus)

Important information:

Hybrid work model (flexible) in Porto.

Apply for this opportunity in our [website](https://www.yellowipe.io/pt/jobs/Application Security Engineer?utm_source=itjobs)! =)