Application Security Specialist (regular/senior) (She/He/They)

WHO WE ARE:

The Cyber Security team, part of Accenture Security, assists clients in securing hybrid environments and applications at every stage of the software development lifecycle, ensuring that the principles of 'Security by design' and 'Security by default' are followed, thereby integrating security into the SSDLC process.  

THE WORK:

• Collaborate closely with architecture, product, and development teams to embed security principles from the earliest stages of the Software Development Life Cycle (SDLC), following a security‑by‑design and shift‑left approach.

• Perform application and system security assessments in accordance with recognized industry standards and frameworks, including OWASP ASVS, OWASP Top 10, OWASP API Top 10, CWE Top 25, and other relevant security best practices.

• Design, implement, and govern security controls across the SDLC and SSDLC, ensuring consistent application of secure coding standards, security gates, and automated security testing.

• Conduct security architecture reviews for end‑to‑end solutions, including hybrid, cloud‑native, containerized, microservices‑based, and event‑driven architectures.

• Analyze and assess the security of application code, APIs, infrastructure‑as‑code (IaC), CI/CD pipelines, and supporting platforms.

• Support the design of modern, secure development environments, including secure CI/CD pipelines, hardened build environments, secure artifact repositories, and developer tooling.

• Define and drive Secure Software Development Lifecycle (SSDLC) processes, from security requirements definition and prioritization to software supply chain security, including dependency management, third‑party risk, and SBOM analysis.

• Perform threat modeling for applications and systems, with a strong focus on hybrid, distributed, and cloud‑based environments, identifying risks and proposing effective mitigation strategies.

• Provide hands‑on support to development teams in analyzing, prioritizing, and mitigating identified vulnerabilities, ensuring pragmatic and scalable security solutions.

• Assess and secure AI‑enabled systems and platforms, including applications based on machine learning, large language models (LLMs), and AI agents, across their full lifecycle.

• Identify and mitigate AI‑specific security risks, such as model abuse, prompt injection, data poisoning, training data leakage, insecure model deployment, and unauthorized model access.

• Define security requirements and controls for AI pipelines, including data ingestion, model training, model storage, inference APIs, and integration with existing systems.

• Leverage AI‑based security tools and automation to enhance vulnerability detection, code analysis, threat detection, and security operations efficiency.

• Support governance and compliance efforts related to responsible and secure use of AI, including risk assessments, security controls, and alignment with internal and external regulations.

Flexible: The work location for this role may include a mix of working remotely, onsite at a client or in an Accenture office - depending on specific project circumstances. 

With all our roles, there is some in-person time for collaboration, learning and building relationships with clients, peers, leaders, and communities. As an employer, we will be as flexible as possible to support your specific work/life needs. 

WHAT’S IN IT FOR YOU: 

• Work on international projects, collaborating with top global organizations to solve complex security challenges. 

• Lead and drive innovation, helping clients transform their businesses with cutting-edge security technologies and frameworks. 

• Grow your expertise in a dynamic environment, gaining exposure to the latest trends, tools, and best practices. 

Qualifications

HERE’S WHAT YOU’LL NEED:

• Strong motivation to develop in the area of Application Security and a mindset of continuous learning and skill development in cybersecurity, secure software engineering, and emerging technologies.

• Solid background in IT or software development, with proven experience in engineering, architecture, or operational roles, combined with hands‑on or growing expertise in cybersecurity.

• Good understanding of end‑to‑end application and system architectures, including: layered and monolithic architectures, microservices‑based architectures, event‑driven architectures, service‑oriented architectures (SOA).

• Basic knowledge of application security fundamentals, including: OWASP Top 10, OWASP ASVS, OWASP API Top 10, secure coding best practices, common vulnerability classes and exploitation techniques.

• Practical understanding of common attack techniques, such as XSS, CSRF, SQL Injection, deserialization issues, authentication bypasses, and privilege escalation, as well as familiarity with MITRE ATT&CK / CAPEC frameworks.

• Knowledge of authentication, authorization, and session management concepts, including standards and protocols such as OAuth 2.0, OpenID Connect, SAML, SSO, and modern identity‑centric security models.

• Good understanding of cryptographic concepts and best practices, including encryption, hashing, key management, and secure use of cryptographic libraries.

• Knowledge of Secure Software Development Lifecycle (SSDLC) principles, including security requirements, secure design, secure coding, testing, vulnerability management, and release governance.

• Experience or knowledge of REST APIs, API security concepts, and API Gateway architectures.

• Ability to analyze source code, APIs, and Infrastructure‑as‑Code (IaC) from a security perspective.

• Interest in securing AI‑enabled applications, platforms, or services, including LLM‑based systems.

• Proficiency in at least one programming language at a good level, such as: Java, .NET / C#, JavaScript, Go, or scripting languages like Python.

• Experience with or strong understanding of static application security testing (SAST) and code review from a security perspective.

• Ability to perform or support threat modeling for applications and systems, considering business logic, architecture, and deployment models.

• Knowledge of Reverse Engineering and Malware Analysis concepts and techniques.

• Strong communication skills and ability to support development teams in vulnerability analysis and remediation.

• Fluency in English and Polish, both spoken and written, due to collaboration with international teams and clients, often in a remote setup.

Research indicates that some candidates, especially the most diverse ones, may hesitate to apply for positions if they don't meet all requirements. If you believe you possess the necessary skills, even if not meeting every requirement, we wholeheartedly encourage you to submit your application.

BONUS POINTS IF YOU HAVE:

• Hands‑on experience with at least one major cloud platform: Azure, AWS, or Google Cloud Platform (GCP).

• Experience securing CI/CD pipelines, build systems, and artifact repositories.

• Familiarity with software supply chain security, including dependency scanning, SBOMs, third‑party risk, and open‑source security.

• Experience working with Git, Jira, and Agile / DevSecOps methodologies.

• Understanding of AI / ML system architectures, including data pipelines, model training, model storage, inference services, and API‑based integration.

• Ability to leverage AI‑powered security tools for code analysis, vulnerability detection, threat analysis, or security automation.

• Understanding of governance, risk, and compliance aspects related to the secure and responsible use of AI.

• Awareness of AI‑specific security risks, such as: prompt injection and model manipulation, data poisoning and training data leakage, insecure model exposure and unauthorized inference, abuse of AI agents and automation.

WHAT WE OFFER:

• Permanent employment contract.

• Individual support of a People Lead and a specific path of professional development, as well as the possibility of a session with a Coach.

• A wide training package (soft, technical, and language training offer, access to the e-learning platforms, Gallup test, GenAI training, possibility of co-financing courses, and certification).

• Employee Assistance Program - legal, financial, and psychological consultations.

• Accenture employees eligible for the Employee share purchase plan automatically become eligible for quarterly dividends if they own company shares.

• Paid employee referral program.

• Private medical care, life insurance.

• Access to the Worksmile platform (possibility of using a wide range of products and services, including the Multisport card).

WHAT WE BELIEVE:

Accenture does not discriminate employment candidates on the basis of race, religion, color, sex, age, disability, national origin, political beliefs, trade union membership, ethnicity, denomination, sexual orientation or any other basis impermissible under Polish law.

All our leaders are committed to building a better, stronger and more durable company for future generations to create positive, long-lasting change. Inclusion and diversity are fundamental to our culture and core values. Our rich diversity makes us more innovative and creative, which helps us better serve our clients and our communities.

Our position as partner to many of the world’s leading businesses, organizations and governments affords us both an extraordinary opportunity and a tremendous responsibility to make a difference. Sustainability is one of our greatest responsibilities, which we embed it into everything we do and for everyone we work with.

Clicking apply I hereby express my consent to process my personal data included in my job offer by Accenture Sp. z o.o. or any other entity of the Accenture group for recruitment purposes, and that it is a data controller within the meaning of GDPR. More information about Accenture (and if necessary also its representative) can be found here: https://www.accenture.com/pl-pl/privacy-policy

#LI-EU

#PLSEC