Senior Security Engineer (Application Security)

Company: Leading global provider of business decisioning data and analytics.

Team: Global Application Security Team works very closely with business and the technology team to implement security controls and to ensure that the products are free of any security defects and vulnerabilities. The team has subject matter experts in the following areas: Application Security Architect, Application Security Engineer, Penetration Testers.

• Career development in a global company with almost 200 years of history.
• Very attractive remuneration (contract of employment or B2B with full social package – paid holidays and sick leave, notice period, etc).
• Work is 100% remote (but the candidate has to reside in Poland).

• Develop SecDevOps practices by implementing key controls (SAST/DAST/SCA) in the SDLC (Software Development Life Cycle).
• Develop software security libraries e.g. ESAPI using Java.
• Drive business compliance to application security standards and controls e.g. vulnerability remediation, SAST/SCA  onboarding.
• Work towards developing the application security roadmap for the firm.
• Provide leadership on different forums on promoting security awareness.
• Manage application security projects to address continuous risk and threats and to reduce vulnerability exposure for the firm.

• Strong background in application security and well informed on key application security controls.
• Experience with implementing and managing static scanning tools and open source scanning tools.
• Experience with CI/CD implementation processes and integration of security tools with build automation tools.
• Strong development experience with software security libraries e.g. ESAPI, JCL.
• Strong experience on guiding development teams on secure coding practices.
• Background and solid understanding of key security concepts such as OWASP, CVSS, CWE etc.
• Experience with manual code reviews and security issue triaging.
• Fluent English.