Enova Consulting

Senior Application Security Engineer – AppSec

Enova Consulting

full-time

Posted on:

Location Type: Hybrid

Location: GenevaSwitzerland

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

FluxTCP/IP

About the role

  • Application protection & WAF (core of the role 🔥)
  • Design, deploy and—most importantly—configure application protection solutions (WAF, reverse proxy, load balancer).
  • Establish and refine WAF policies (positive/negative security models).
  • Perform advanced rule tuning and reduce false positives.
  • Deploy protections against common web attacks (OWASP Top 10, injections, XSS, etc.).
  • Implement rate limiting and advanced protection strategies.
  • Manage progressive production rollouts (monitoring mode → blocking).
  • Secure HTTP/HTTPS traffic and manage TLS configurations at the proxy/termination.
  • Control and reduce the exposure surface of applications on the Internet.
  • Contribute to optimizing traffic flows (ports, access, filtering).
  • Ensure consistency of L4/L7 configurations (load balancing, health checks, session persistence).
  • Implement IP reputation-based filtering mechanisms.
  • Leverage threat intelligence feeds to strengthen protections.
  • Manage exceptions (allowlists), limit false positives and maintain rule quality.
  • Contribute to vulnerability management related to application exposure.
  • Participate in log analysis and investigation of security incidents.
  • Document configurations, maintain standards and ensure traceability.
  • Collaborate with network, security and application teams.

Requirements

  • Degree in Computer Science or Cybersecurity, with proven experience in application security and a strong focus on protection.
  • Solid expertise with WAF solutions (configuration, tuning, operation).
  • Strong understanding of protection architectures: reverse proxy, load balancer.
  • Excellent knowledge of web protocols (HTTP/HTTPS, TLS, headers, cookies).
  • Good grasp of networking concepts (TCP/IP, ports, NAT, stateful filtering).
  • Experience securing applications exposed to the Internet.
  • Ability to configure, optimize and maintain security solutions in production.
  • Knowledge of web attack techniques (OWASP, exploitation, attack vectors).
  • Experience with threat intelligence and dynamic filtering.
  • Basic automation skills (scripting, APIs, Git).
Benefits
  • Location: Geneva
  • Start: ASAP
  • Remote work: 2 days/week (3 days on site)
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
WAFapplication protection solutionsreverse proxyload balancerrule tuningrate limitingTLS configurationsIP reputation-based filteringlog analysisscripting
Soft Skills
collaborationcommunicationproblem-solvingattention to detailanalytical thinking
Certifications
degree in Computer Sciencedegree in Cybersecurity