Review technical architecture and delivery for web and other client delivery platforms.
Review current system security measures and recommend or implement enhancements.
Review and contribute to application designs and solutions.
Identify and define application security requirements and security baselines.
Support application security team with static and dynamic code analysis.
Perform manual and automated penetration tests and retests of web and mobile applications.
Review developers’ code, provide feedback and perform security assessments for consumer-facing applications, services and future technology.
Triage risk of identified vulnerabilities and findings.
Work with external penetration testers, oversee ongoing pentests and exercises, and work with application engineering teams on remediation of found vulnerabilities.
Participate (as a subject matter expert) in information security operations duties, including occasional incident response escalations.
Evaluate, deploy and support application security technologies, processes and workflows on multiple platforms (server, client, mobile, tablet etc.).
Work collaboratively and proactively across the organization (e.g., Technical Architects, Engineering Leads, Product Owners) to support and remediate security gaps.
Requirements (expected):
3+ years of product/application security work experience.
Knowledge of common security principles for web application architectures.
Knowledge of practical threat modeling for consumer applications.
Experience in code reviews, business logic assessment, and application security testing.
Solid understanding of security protocols, cryptography, data security, networking, access control, client and server-side protections.
Broad knowledge of security technologies, processes, and techniques and a strong understanding of application security leading practices including OWASP and CWE.
Familiarity with HTML/CSS, JavaScript and UI/UX design and software quality assurance principles.
Hands-on experience working with DevOps and Agile driven product teams.
Familiarity with application security tools like Burp Suite Pro, SAST/DAST, nmap, Metasploit, and Kali Linux.
Experience in secure software development principles in various languages (Java, Go, JavaScript, Python etc.).
Excellent communication and presentation abilities with great attention to detail.
Demonstrated ability to explain risks and vulnerabilities to both technical and non-technical audiences.
Languages: Fluent English and Polish.
Offered:
Contract of employment
Hybrid work model (3 days from the office, 2 days from home)
Free access to Max
Benefit package: private medical health care, life insurance, MyBenefit cafeteria including sport card, social funds, retirement pension plans, recognition platform, employee referral program