The project focuses on implementing and maintaining application security tools and processes, with a strong emphasis on vulnerability analysis, tool optimization, and supporting engineering teams in adopting secure development practices.
Responsibilities:
Implement, configure, and manage application security tools focused on SAST, SCA, secrets detection, and IaC scanning
Integrate security scanning tools into CI/CD pipelines, ensuring coverage and minimizing friction for developers
Regularly review scan results, prioritize findings, and work with developers to remediate vulnerabilities
Perform secure code reviews and provide actionable remediation guidance
Maintain and continuously improve security rulesets, baselines, and documentation for tools like Semgrep, Mend, GitHub Advanced Security
Collaborate with security engineers on enhancements to DAST and container/image scanning workflows
Expected requirements:
3+ years of experience in Application Security or Software Development with a security focus
Hands-on experience with tools like Semgrep, Mend, GitHub Advanced Security, and HCL AppScan
Experience working in Git-based CI/CD environments (e.g., GitHub Actions, GitLab CI)
Knowledge of OWASP Top 10, secure coding practices, and common code-level vulnerabilities
Familiarity with DAST tools and experience supporting Pentest validation efforts
Ability to collaborate effectively with developers, security team members, and DevOps
Offered:
We focus on long-term relationships based on fair principles and reliability
Subsidy for the Multisport sports card and Medicover healthcare