Application Security Expert

G2A.COM is the world's largest marketplace for digital entertainment. On our platform, over 30 million people from 180 countries have already purchased more than 100 million digital items. Why? Sellers from all over the world present a rich offering of over 75,000 digital codes for games, software, gift cards, subscriptions, DLCs, in-game items, and various digital entertainment. We are a safe marketplace, where sellers guarantee instant delivery.

What else sets us apart? G2A.COM is a place co-created by a team of 400 exceptional experts representing 12 nationalities. Most of us work in a hybrid model, some remotely, or on-site in a chosen location. Our R&D center is in Rzeszow, we also have offices in Warsaw and Krakow. The company's main headquarters are in Hong Kong, with the central office in Amsterdam.

We address each other by our first name, we are supportive, and we share knowledge. We operate based on DEI values – Diversity, Equity, and Inclusion and provide extensive development opportunities – in 2023 over 180 development and wellbeing events. We work in a dynamically changing environment, continuously implementing and utilizing the latest technologies such as artificial intelligence (AI), augmented reality (AR), and specialized cybersecurity solutions.

We regularly check job satisfaction. According to the latest survey, as many as 88% of us are satisfied with work-life balance, 93% appreciate teamwork, and 83% value managerial support. The average tenure at G2A.COM is an impressive 5 years. This is simply a place where people want to be.

By joining us, you will have the opportunity to collaborate and create projects with international brands such as Google, PayPal, Amazon, VISA, Mastercard, PayU, EY, Synerise, Modivo, Empik, and Microsoft. We think and act globally, and in our daily work, we are guided by analysis and data, although intuition and experience-based insights are also considered a significant asset. We invite you to join us on the journey of co-creating Gate2Adventure – the gateway to the world of digital entertainment. 

We’re waiting for you!

Join our Security & Resilience team as an Application Security Expert. In this role, you will ensure that our applications are more secure — by implementing proper security controls and overseeing that they are built using safe, trusted components. You'll leverage your experience to strengthen system protection and support teams in building resilient applications aligned with best security practices.

Your responsibilities will include standardizing control mechanisms, developing security guidelines, and defining standards to guarantee the stability and resilience of our solutions. You'll analyze automated security test results and assess software architecture for potential threats. By collaborating closely with development teams, you will support them in designing and implementing security-compliant solutions while ensuring their effectiveness and adherence to the highest standards.

We provide full flexibility—you can work in a hybrid model or fully remotely. You’ll have access to modern technological tools and comprehensive support during your onboarding process. We prioritize development, offering opportunities to gain new skills and participate in exciting projects. Benefits include a welcome package, Motivizer vouchers, private medical care, and a MultiSport card.

Your responsibilities:

• Analyzing source code to identify and eliminate vulnerabilities

• Automating and standardizing application security control mechanisms

• Developing guidelines and standards for application security

• Reviewing the results of automated security tests

• Conducting software architecture project reviews

• Reviewing and approving Web Application Firewall (WAF) rules

• Supporting developers in designing and implementing secure-by-design solutions

• Creating, documenting, and supervising the implementation of security guidelines and standards

You're a perfect match for the role, if:

• You have at least 3 years of professional experience in the field of commercial application security

• Programming is your strong suit, and you have at least 3 years of experience in this area (preferred technologies: Golang, Python, or PHP)

• You have a minimum of 2 years of experience in creating and reviewing WAF rules (preferably with knowledge of Akamai WAF)

• You're highly skilled in designing and building security mechanisms for applications in modern technology stacks

• You have experience in threat modeling and conducting security-focused project reviews

• You have solid understanding in CI/CD concepts and Jenkins

• You have hands-on experience with Kubernetes security and containerization

• You're well-versed in common application security vulnerabilities, such as those listed in the OWASP Top 10

• Familiarity with standards like the OWASP Testing Guide, OWASP ASVS, and SANS Top 20 comes naturally to you

• You're proficient in modern and widely used web technologies

• You have a strong understanding of cryptography fundamentals and their application in web solutions

• You're knowledgeable about authentication and authorization protocols (OAuth, SAML, OIDC), their flows, and best practices

• Your English proficiency is at least at the B2 level, allowing you to communicate fluently both verbally and in writing

• You're open to challenges and continuous development

• You're communicative and capable of working effectively in a team

Additional advantages:

• You have a background as a DevOps Engineer or a Software Developer

Why joining us worth it:

• Hybrid or/and remote workplace model

• You receive all the necessary work resources, such as a laptop and/or a phone

• We can provide and deliver ergonomic and electronic equipment for your home office, such as footrests, stability balls, chair with back support, monitor, mousepad, laptop docking station, mouse, keyboard, headphones

• We provide an opportunity for realizing new ideas and appreciate them a lot

• We encourage the development of skills and competences with internal and external trainings

• We value DEI – Diversity, Equity & Inclusion

• We support grassroots initiatives and take part in charity events

• We offer valuable benefits, such as:

• the welcome pack,

• vouchers for the Motivizer platform (each month the employees receive a pool of 220 points they can spend on many products and services available in the system),

• private healthcare

• the MultiSport card,

• an opportunity to take part in internal and external trainings and industry events,

• many more

• You will receive discount codes to use on the G2A.COM sales platform so that you can enjoy the benefits of our offers and services