Informacje o stanowisku

Application Security Engineer- (Warsaw, Poland)

We’re GeoComply! We are at the forefront of geolocation, cybersecurity, and anti-fraud innovation, developing and delivering cutting-edge technologies to help ensure regulatory compliance, combat bad online actors, alleviate user friction, and protect businesses from fraud.

Achieving significant business and revenue growth over the past three years and dubbed a tech “Unicorn,” GeoComply has been trusted by leading global brands and regulators for over ten years. Our compliance-grade geolocation technology solutions are installed on over 400 million devices and analyze over 12 billion transactions a year.

As an Application Security Engineer at GeoComply, you’ll play a vital role in ensuring our applications are secure, resilient, and trustworthy. You’ll work within a team that influences secure design, performs code analysis, and identifies vulnerabilities through hands-on testing. This role involves designing, implementing, and maintaining robust security measures throughout the Software Development Lifecycle (SDLC), fostering a culture of security across development and operations teams.

Key Responsibilities

• Application Security Review: Drive the secure development lifecycle by conducting design reviews, automated testing, and hands-on penetration testing to identify potential security vulnerabilities across applications and non-compliance with security standards.
• Threat Modeling: Identify potential attack vectors and devise strategies to mitigate these threats.
• Secure Design Consultation: Collaborate with development teams early in the SDLC to establish and integrate security requirements, ensuring robust security architecture for new projects and releases.
• Security Tools Management: Implement and manage advanced security tools, focusing on automation. Leverage Software Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), security scanners, and bug bounty programs to assess and secure applications.
• Developer Education & Engagement: Act as a security advocate within GeoComply’s development community. Educate software engineers on secure coding practices through training sessions, security guidelines, and one-on-one mentorship, fostering a strong security culture across teams.
• Assisting During Incident Response: Serves as a trusted subject matter expert to bring application security expertise to root-cause analysis and remediation planning where appropriate.

Technical Proficiency

• Experienced in deploying and configuring enterprise-grade security tools, including SAST, DAST, and security scanners.
• Familiarity with leading security tools, such as BurpSuite, ZAP and Metasploit, for identifying and managing vulnerabilities.
• Bug Bounty and Vulnerability Management: Skilled in supporting bug bounty programs, including triage, validation, and re-testing of security findings to ensure effective remediation.
• Data Protection and Cryptography: Competence in designing secure solutions for sensitive data, applying cryptographic techniques, access controls, and hardware security modules (HSM) to protect critical assets.
• Version Control Systems: Proficiency with Git (GitHub).
• CI/CD and Automation Experience: Experienced in integrating security within CI/CD pipelines, utilizing tools like Jenkins, Artifactory, and related automation technologies.
• Authorization & Networking Protocols: Familiarity with authentication/authorization frameworks (OAuth, SAML, OpenID, ADFS, SCIM) and a solid understanding of network and web related protocols (e.g. TCP/IP, UDP, HTTP, REST, DNS, SMTP).
• Architecture Knowledge: In-depth understanding of web application architectures, APIs, microservices, and cloud-native systems.

Experience

• Educational Background: Bachelor’s degree in Computer Science, Engineering, MIS, CIS, or a related discipline is required.
• Professional Experience: 3+ years of experience in application security, including hands-on roles in code analysis, vulnerability identification, and secure design.

At GeoComply, we’re at the forefront of geolocation, cybersecurity, and anti-fraud innovation. Joining our team means working on cutting-edge technology with a group of passionate, skilled individuals who prioritize security, teamwork, and continuous growth. We offer a collaborative hybrid work environment and value in-person interaction while providing flexibility for our team members.

Apply Now!

Interested in joining our team? Send us your resume and a cover letter. We can’t wait to meet you!

Commitment to Diversity and Equity.

If you dont tick every box in this job description, please dont rule yourself out. We focus on hiring people who value inclusion, collaboration, adaptability, courage, and integrity rather than ticking boxes, so if this resonates with you, please apply.

Warszawa - Oferty pracy w okolicznych lokalizacjach