Product security reviews. You will perform security reviews on new and existing applications to ensure that all security requirements are implemented and that each application aligns with the organization’s established security baselines. Periodically, you will review and update the security baselines in line with evolving threats, industry standards, and organizational needs.
Architecture and design. You will support the architecture team with threat model, assess risks, and help implement security controls and/or mitigations to address identified issues. You will directly steer the implementation of key applications to ensure we are secure-by-design.
Establish security principles, policies, and governance processes, including design and implement the secure development lifecycle framework and related processes in conjunction with Governance, Risk and Compliance teams. You will embed security into all phases of the product lifecycle—from early discovery and threat modeling to design reviews and secure delivery, and ongoing monitoring and testing post-release.
Vulnerability identification and analysis. You will be responsible for finding new and novel ways to identify and resolve security vulnerabilities. This includes static and dynamic code analysis, security scanning, investigation of security reports from InfoSec, or other trusted partners, and direct work with our incident response team on application security issues and incidents. You will define scope and oversee applications pentest.
requirements-expected :
Perform deep architecture and security reviews on applications (cloud and on-prem) to identify vulnerabilities
Support decision-making by determining the tradeoffs between security and business requirements
Lead implementation of strategic security initiatives that improve security across Colliers
Key skills and qualifications:
Bachelor’s degree in computer science, Cybersecurity, or a related field (or equivalent experience).
5–8+ years of experience in cloud applications, cybersecurity, or related domains.
Strong experience performing threat modelling and security reviews.
Possess hands-on experience on whitebox, greybox, and blackbox assessments or oversight applications pen tests focusing on OWASP.
Must have skills:
Strong documentation skills.
Experience working with various IT Teams and non-IT teams of various disciplines.
The ability to assimilate complex technical challenges and provide appropriate security advice that delivers the right business outcomes.
Preferred:
Relevant certifications: CISSP, CCSP, or equivalent.
Expert knowledge of zero trust, identity, threat detection, and threat modelling and security practices.
offered :
Remote work in Poland;
Contract of employment;
International environment, working in English;
Private healthcare with rehabilitation, 6 additional days off yearly for parents, cafeteria programme and other benefits;
Internal training program;
Job in a company that cares about the sustainable development of the organization;
Working in a company with the titles: Best Employer 2017 and 2019 awarded by Kincentric (formerly AON) and Investor in Human Capital 2019, 2021, 2022, 2023, 2024 and 2025.
