IT Security Analyst | f/m/d

About Us

ERGO Technology & Services S.A. (ET&S S.A.) was established in January 2021 following the integration of ERGO Digital IT and Atena into one entity, leveraging both companies’ strengths and best practices. As a part of ERGO Technology & Services Management AG, the technology holding of ERGO Group AG, we support millions of internal and external customers with state-of-the-art IT solutions to everyday problems.

In October 2022, ET&S S.A. expanded its scope of operations by creating a Business Services unit to contribute in a new way to the growth of ERGO’s business. Acting as a co-partner and internal consultant, it adds non-IT value and supports the development of the entire ERGO Group, currently offering skills in reporting, analysis, actuarial, and input management. We are committed to fostering innovation and meeting the evolving needs of our clients worldwide.

Discover how we implement AI, IoT, Voice Recognition, Big Data science, advanced mobile solutions, and business-related services to anticipate and address our customers’ future needs.

About the role

As a member of the Security Testing, IT Risk and Security, you’ll be part of a team delivering an independent secure code scanning service. You will be responsible for delivering the secure code scanning service within Risk and Security, providing expertise and insights into where application development teams must and need to improve their application code quality.

You’ll ensure ethical and authorized scanning and testing provides development teams and application owners the assurance and insights necessary to safely deliver cutting-edge applications. You’ll work alongside vendor partners as they augment the in-house service. You’ll look to make suggestions and seek opportunities to improve our testing methodologies and services.

You’ll contribute to projects and development work across the company and help produce reporting used by partners to understand and manage our appetites for cybersecurity and risk.

How you will get the job done

• performing secure code review for web, mobile and back-end applications

• identifying security vulnerabilities aligned with OWASP top 10, SANS and CWE standards

• analyzing code written in Java, JS, Python, C/C++, SQL, Gosu, ABAP, swift or other languages

• reviewing pull requests and the CI/CD pipeline for security issues

• validating findings from the SAST tool and eliminating false positives

• providing clear remediation guidance to the developer with secure code examples

• conducting threat modelling and design-level security issues

• collaborating closely with the team during the development and release cycle

• creating and maintaining secure code guidelines and standards

• creating and updating documentation for audit reviews and training team members

• tracking vulnerabilities and ensuring timely remediation and closure

• preparing and publishing test results/outcomes

Skills and experience you will need

• fluency in English

• Bachelor’s degree in Information Security, Computer Science, or a related field

• strong experience in secure code review and application security

• deep knowledge of OWASP top 10 (Web - API) and understanding of basic vulnerabilities

• hands-on experience with SAST tools like checkmarks, Fortify, SonarQube

• understanding of secure SDLC and DevSecOps process

• familiarity with authentication, authorization, cryptography and session management

• self-starter, able to set and complete scheduled workloads, and cross-train with other team members for coverage where needed

• ability to read and understand the codebase

• strong communication skills, especially when explaining security issues to developers and other stakeholders, and the ability to work collaboratively in fast-paced agile environments

Perks & Benefits

Let's be healthy

Medical package, sports card, and numerous sports sections – these are some of the benefits that help our employees stay in good shape.

Let's be balanced

Work-life balance is a key aspect of a healthy workplace. We offer our employees flexible working hours, a confidential employee assistant program, as well as the possibility of remote working. However, staying at home with our in-office gaming room and dog-friendly office in Warsaw won’t be easy.

Let's be smart

We organize numerous workshops and training courses. Thanks to hackathons and meetups, our specialists share their expertise with others. Additionally, we have a wide range of digital learning platforms and language courses.

Let's be responsible

Each year, we participate in several CSR activities, during which, together with our colleagues, we do our best to create a better future.

Let's be fun

Company-wide bike races and soccer matches, film marathons in our cinema room or other engaging team-building activities – we got it covered!

Let's be diverse

Every team member is valued, regardless of gender, nationality, religious beliefs, disability, age, and sexual orientation or identity. Your qualifications, experience, and mindset are our greatest benefit!