Security Engineer

• Position: Security Engineer – Vulnerability Management

• Salary: up to 17 000 PLN gross/month, COE (UoP)

• Working mode: Hybrid / Remote

Our client is a global technology company providing a cloud-based platform that helps organizations manage large volumes of data and complex workflows. Their product is widely used by enterprise clients across various industries. The company operates in a modern cloud environment and places strong emphasis on security, scalability, and reliability. Security teams work closely with engineering to proactively identify and mitigate risks. The organization promotes a collaborative culture and continuous improvement.

Role summary

As a Security Engineer focused on Vulnerability Management, you will be responsible for identifying, assessing, and driving remediation of vulnerabilities across the organization’s systems and applications.

Responsibilities:

• Support the Vulnerability Management program by contributing to scalable processes and enabling the adoption of security services.

• Assist in developing and maintaining automation and reusable tooling to improve efficiency across the program.

• Maintain and optimize vulnerability scanning tools by performing updates, resolving issues, monitoring performance, and coordinating with vendors to ensure reliable and accurate risk data.

• Implement and direct Vulnerability Management processes. Oversee the entire vulnerability management lifecycle: Discovery, Prioritization, Assessment, Reporting, Remediation, and Verification.

• Assist in improving configuration management practices by identifying misconfigurations, contributing to standards, and supporting efforts that enhance efficiency, effectiveness, and compliance.

• Actively swarm on high‑urgency vulnerability response events by rapidly triaging findings, determining impact radius, coordinating with responsible teams, and driving swift remediation to reduce risk as quickly as possible.

• Contribute to team objectives aimed at reducing overall risk and identifying new areas of exposure.

• Collaborate with internal teams to validate and remediate findings from vulnerability scans, third-party assessments, and the Bug Bounty Program.

• Improve configuration management practices to enhance efficiency, effectiveness, and compliance.

• Perform threat modeling to assess the severity of a vulnerability.

• Participate in sessions and events to enhance the skills and expertise of the team, fostering a culture of continuous learning and improvement.

• Enhance risk visibility by reporting on relevant metrics.

Minimum qualifications: 

• Familiarity with common software vulnerabilities (ex: OWASP Top 10) and their remediations.

• Bachelor’s degree in Computer Science, Cybersecurity, or related field OR equivalent experience.

• Experience with cloud platforms (e.g., Azure, AWS) and containerization technologies.

• Excellent verbal and written communication skills, with the ability to articulate complex security concepts to both technical and non-technical stakeholders.

• Strong analytical and problem-solving skills, with a proactive approach to identifying and addressing security challenges.

Preferred qualifications:

• 1 year of experience on a security team.

• Knowledge of professional software engineering practices & software development life cycle (SDLC), including coding standards, code reviews, source control management, build processes, testing, and operations.

• Experience with modern vulnerability scanning tools.

• Experience deploying Infrastructure as Code using Pulumi.

• Proficiency in at least 1 modern Object-Oriented Programming (OOP) language, preferably .NET.

• Experience working in a SaaS environment operating on a global scale.

• Experience in the legal space.

• Experience working with container vulnerability scanning tools.

• Experience working with Azure.

• Experience working with FedRAMP.

Benefit Highlights:

• Comprehensive health, dental, and vision plans

• Parental leave for primary and secondary caregivers

• Flexible work arrangements

• Two, week-long company breaks per year

• Additional time off

• Long-term incentive program

• Training investment program