Application Security Engineer

About Us

ERGO Technology & Services S.A. (ET&S S.A.) was established in January 2021 following the integration of ERGO Digital IT and Atena into one entity, leveraging both companies’ strengths and best practices. As a part of ERGO Technology & Services Management AG, the technology holding of ERGO Group AG, we support millions of internal and external customers with state-of-the-art IT solutions to everyday problems.

In October 2022, ET&S S.A. expanded its scope of operations by creating a Business Services unit to contribute in a new way to the growth of ERGO’s business. Acting as a co-partner and internal consultant, it adds non-IT value and supports the development of the entire ERGO Group, currently offering skills in reporting, analysis, actuarial, and input management. We are committed to fostering innovation and meeting the evolving needs of our clients worldwide.

Discover how we implement AI, IoT, Voice Recognition, Big Data science, advanced mobile solutions, and business-related services to anticipate and address our customers’ future needs.

How you will get the job done

• being a member of Data & Application Security team with a focus on operational application security technologies including Web Application Firewall (WAF), File Integrity Monitoring tools (FIM), and cloud security initiatives
• configuring the Web Application Firewall solution to establish cyber threat protection
• creating, refining, and managing security rules and policies within the security applications to prevent web vulnerabilities
• monitoring web traffic, analyzing security logs, and taking action against unusual activities
• responding quickly to security incidents, collaborating with incident response teams
• integrating threat intelligence feeds to enhance protection against emerging risks
• continuously optimizing tool performance, minimizing latency for seamless user experience
• managing ServiceNow workflows to update and patch security services
• maintaining organized documentation of security & WAF configurations, rules, and procedures

Skills and experience you will need

• fluent spoken and written English
• analytical mindset to troubleshoot and resolve complex security issues
• ability to explain technical vulnerabilities and remediation steps to developers, managers, and non-technical stakeholders
• experience working with cross-functional teams (developers, DevOps, product managers) to integrate security into workflows
• understanding of HTTP/HTTPS protocols, RESTful APIs, and GraphQL security
• knowledge of authentication (OAuth, JWT) and session management best practices
• ability to identify potential threats and design countermeasures during the software development lifecycle (SDLC)
• familiarity with encryption standards (e.g., AES, RSA) and secure key management practices
• experience with securing applications in cloud environments (e.g., AWS, Azure, Google Cloud)
• knowledge of container security (e.g., Docker, Kubernetes)
• understanding of integrating security into CI/CD pipelines (e.g., Jenkins, GitLab CI)
• familiarity with Infrastructure as Code (IaC) security
• ability to identify, prioritize, and remediate vulnerabilities using tools like Tenable Nessus
• understanding of network protocols, firewalls, and how they relate to application security
• familiarity with security tools and frameworks (e.g. Burp Suite, Metasploit, Wireshark, Nmap, Dependabot, OWASP, NIST, MITRE ATT&CK) and Git (e.g., GitHub, GitLab).

Nice to have

• certifications (e.g. Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), GIAC Web Application Penetration Tester (GWAPT), Certified Secure Software Lifecycle Professional (CSSLP), AWS Certified Security – Specialty)

Perks & Benefits

Let's be healthy

Medical package, sports card, and numerous sports sections – these are some of the benefits that help our employees stay in good shape.

Let's be balanced

Work-life balance is a key aspect of a healthy workplace. We offer our employees flexible working hours, a confidential employee assistant program, as well as the possibility of remote working. However, staying at home with our in-office gaming room and dog-friendly office in Warsaw won’t be easy.

Let's be smart

We organize numerous workshops and training courses. Thanks to hackathons and meetups, our specialists share their expertise with others. Additionally, we have a wide range of digital learning platforms and language courses.

Let's be responsible

Each year, we participate in several CSR activities, during which, together with our colleagues, we do our best to create a better future.

Let's be fun

Company-wide bike races and soccer matches, film marathons in our cinema room or other engaging team-building activities – we got it covered!

Let's be diverse

Every team member is valued, regardless of gender, nationality, religious beliefs, disability, age, and sexual orientation or identity. Your qualifications, experience, and mindset are our greatest benefit!