Senior Security Engineer

Our mission at Netguru is to help entrepreneurs and innovators shape the world through beautiful software. We care about trust, taking ownership, and transparency. As a Certified B Corporation®, we offer a safe, inclusive and productive environment for all team members, and we’re always open to feedback. If you want to work from home and be a full time employee, great! We want to create the right opportunities for you.

Your responsibilities:

• Consulting for commercial clients
• Auditing and hardening of CI/CD pipelines and cloud-based infrastructures
• Support for project teams in implementing the best security practices in the design, development, and maintenance of web and mobile applications
• Conducting security audits, assessments, and pentests of web and mobile applications and cloud-based systems
• Helping with implementation of security tools (i.e. vulnerability scanners, SAST, DAST etc.)
• Performing security incident analysis, response, and remediation for cloud-based web applications
• Upskilling other members of project teams

Working in one of these specializations: Pentester, Cyber Security Consultant, Cloud Security Engineer or DevSecOps Engineer.

Requirements

• Hands-on experience in the area of web application security;
• Ability to conduct risk analysis and threat modelling based on known types of vulnerabilities and attacks on web and mobile applications;
• Knowledge of best practices and standards in the field of software development (Software Development Life Cycle - SDLC) of web applications with particular emphasis on the principles of secure software development (i.e. OWASP ASVS);
• Knowledge and experience in cloud security and best practices in an AWS/Azure/GCP environment;
• Knowledge of techniques in the field of penetration testing (reconnaissance, vulnerability analysis, pentesting tools, reporting);
• Very good command of written and spoken English (B2 +).

Nice to have:

• Experience with Linux administration, Docker, and cloud solutions like AWS or Azure;
• Experience working with tools such as SAST and DAST, vulnerability scanners, patch-level verifiers, etc.
• Technical security certifications;
• Good knowledge of the CI/CD process and automation combined with its security assessment;
• Experience in pentesting;
• Experience in security for mobile applications;
• Practical knowledge of security requirements as defined in documents such as GDPR, ISO 27001, HIPAA, PCI-DSS, PSD/PSD2.

Benefits

Perks & Benefits:

• Access to the WorkSmile platform offering benefits adapted to your preferences:
  • Multisport card,
  • Private health insurance package,
  • Life insurance,
  • And hundreds of other options to choose from 15 categories (shopping, leisure, travel, food, etc.)
• Support for your growth - a book budget and a head/manager’s budget available to every employee,
• Discounts on Apple products,
• One-time 1000 PLN home office bonus,

Various internal initiatives: webinars, knowledge sharing sessions, internal conferences.