Application Security Engineer (IGT1) at IFS SOLUTIONS ASIA PACIFIC PTE LTD

Colombo, Western Province, Sri Lanka -

Full Time

Start Date

Immediate

Expiry Date

20 Sep, 26

Salary

0.0

Posted On

22 Jun, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

WAF Monitoring, Web Application Penetration Testing, OWASP Top 10, API Security, Burp Suite, OWASP ZAP, Nmap, Nikto, SQLMap, SIEM Analysis, Vulnerability Assessment, Security Log Analysis

Industry

Software Development

Description

Company Description About IGT1: IGT1 is a rapidly growing offshore technology and talent solutions company based in Port City Colombo. We are a fully owned subsidiary of IGT I Holdings Sweden AB, funded by the three of world’s leading private equity firms; EQT Group, Hg, and TA Associates and also a sister company of IFS. At IGT1, we partner with global businesses to provide them with an operation that maximizes efficiency, spurs growth, allows them to develop and deliver world-class products and services, and creates long-term value. Our people-first culture champions diversity, teamwork, and continuous learning, creating an environment where talent thrives. With a team of over 500 professionals and counting, we are always looking for passionate, skilled individuals who want to make a global impact while being part of something extraordinary. Through our offshore collaboration model, you'll be embedded within the team of one of our esteemed international clients, contributing directly to high-impact, enterprise-level initiatives. About the Client: Kyriba Kyriba is the global leader in cloud-based finance solutions, empowering CFOs and their teams to transform how they activate liquidity as a dynamic, real-time vehicle for growth and value creation. Our award-winning SaaS platform delivers comprehensive treasury, risk management, payments, and supply chain finance capabilities that enable companies to optimize their working capital and enhance financial performance. The Role: We are seeking an Application Security Engineer with a strong focus on Web Application Firewall (WAF) monitoring and web application penetration testing. This role is responsible for detecting, analyzing, and responding to application-layer threats by reviewing WAF logs, security alerts, and performing penetration testing. The engineer will work closely with SOC analysts, DevSecOps, and application teams to strengthen application-layer defenses, investigate suspicious activity, and continuously improve web security controls Job Description Web Application Firewall (WAF) Monitoring & Management Monitor and analyze WAF logs, alerts, and security events to identify malicious activity and potential attacks. Investigate application-layer threats including SQL injection, cross-site scripting (XSS), remote code execution (RCE), credential stuffing, bot activity, API abuse, and other web-based attacks. Fine-tune WAF rules, signatures, and policies to improve threat detection while minimizing false positives. Review and optimize WAF configurations to align with business and security requirements. Collaborate with SOC teams to triage and escalate security incidents involving web applications. Application Security Testing Conduct web application and API penetration testing using manual and automated techniques. Perform vulnerability assessments and security reviews throughout the software development lifecycle. Validate reported vulnerabilities and assess their potential impact and exploitability. Provide detailed findings, risk assessments, and remediation recommendations to development teams. Conduct retesting activities to verify successful remediation of identified vulnerabilities. Qualifications Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or a related technical field (or equivalent experience). 3+ years of experience in Application Security, Penetration Testing, Security Operations, or a related cybersecurity role. Hands-on experience managing and monitoring Web Application Firewalls (WAFs). Strong understanding of the OWASP Top 10 and common web application attack vectors. Experience conducting web application and API penetration testing. Proficiency with security testing tools such as Burp Suite, OWASP ZAP, Nmap, Nikto, SQLMap, and similar technologies. Experience analyzing security logs and alerts from SIEM and monitoring platforms. Additional Information We champion flexibility and hybrid work options to support varying lifestyles and personal needs. At the same time, we value the power of in-person collaboration to build community, spark innovation, and strengthen connections. Our approach ensures you can work in ways that suit you best while still engaging with colleagues to share ideas and grow together. #LI-Hybrid #LI-DNP

How To Apply:

Incase you would like to apply to this job directly from the source, please click here

Responsibilities

The role focuses on monitoring and managing Web Application Firewalls to detect and mitigate application-layer threats. Additionally, the engineer will perform manual and automated penetration testing on web applications and APIs to identify and remediate vulnerabilities.