Application Security Engineer (IGT1)

Company Description

About IGT1:

IGT1 is a rapidly growing offshore technology and talent solutions company based in Port City Colombo. We are a fully owned subsidiary of IGT I Holdings Sweden AB, funded by the three of world’s leading private equity firms; EQT Group, Hg, and TA Associates and also a sister company of IFS.

At IGT1, we partner with global businesses to provide them with an operation that maximizes efficiency, spurs growth, allows them to develop and deliver world-class products and services, and creates long-term value. Our people-first culture champions diversity, teamwork, and continuous learning, creating an environment where talent thrives. 

With a team of over 500 professionals and counting, we are always looking for passionate, skilled individuals who want to make a global impact while being part of something extraordinary. 

Through our offshore collaboration model, you'll be embedded within the team of one of our esteemed international clients, contributing directly to high-impact, enterprise-level initiatives. 

About the Client: Kyriba

Kyriba is the global leader in cloud-based finance solutions, empowering CFOs and their teams to transform how they activate liquidity as a dynamic, real-time vehicle for growth and value creation. Our award-winning SaaS platform delivers comprehensive treasury, risk management, payments, and supply chain finance capabilities that enable companies to optimize their working capital and enhance financial performance.

The Role:
We are seeking an Application Security Engineer with a strong focus on Web Application Firewall (WAF) monitoring and web application penetration testing. This role is responsible for detecting, analyzing, and responding to application-layer threats by reviewing WAF logs, security alerts, and performing penetration testing. The engineer will work closely with SOC analysts, DevSecOps, and application teams to strengthen application-layer defenses, investigate suspicious activity, and continuously improve web security controls

Job Description

Web Application Firewall (WAF) Monitoring & Management

• Monitor and analyze WAF logs, alerts, and security events to identify malicious activity and potential attacks.
• Investigate application-layer threats including SQL injection, cross-site scripting (XSS), remote code execution (RCE), credential stuffing, bot activity, API abuse, and other web-based attacks.
• Fine-tune WAF rules, signatures, and policies to improve threat detection while minimizing false positives.
• Review and optimize WAF configurations to align with business and security requirements.
• Collaborate with SOC teams to triage and escalate security incidents involving web applications.

Application Security Testing

• Conduct web application and API penetration testing using manual and automated techniques.
• Perform vulnerability assessments and security reviews throughout the software development lifecycle.
• Validate reported vulnerabilities and assess their potential impact and exploitability.
• Provide detailed findings, risk assessments, and remediation recommendations to development teams.
• Conduct retesting activities to verify successful remediation of identified vulnerabilities.

Qualifications

•  Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or a related technical field (or equivalent experience).
• 3+ years of experience in Application Security, Penetration Testing, Security Operations, or a related cybersecurity role.
• Hands-on experience managing and monitoring Web Application Firewalls (WAFs).
• Strong understanding of the OWASP Top 10 and common web application attack vectors.
• Experience conducting web application and API penetration testing.
• Proficiency with security testing tools such as Burp Suite, OWASP ZAP, Nmap, Nikto, SQLMap, and similar technologies.
• Experience analyzing security logs and alerts from SIEM and monitoring platforms.

Additional Information

We champion flexibility and hybrid work options to support varying lifestyles and personal needs. At the same time, we value the power of in-person collaboration to build community, spark innovation, and strengthen connections. Our approach ensures you can work in ways that suit you best while still engaging with colleagues to share ideas and grow together. #LI-Hybrid #LI-DNP