Senior Security Engineer (AppSec)

Security

Full-time
B2B
Senior
Hybrid
72 470 - 111 065 USD net per year - B2B

Job description

Work with HelloFresh in Warsaw and its HelloTech organisation, HelloFresh’s global technology backbone with more than 1000 people, building the digital products that power our end-to-end food experience. From meal kits and ready-to-eat meals to specialty offerings like pet food and premium meat & seafood, HelloTech creates the platforms that bring tailored food solutions to millions of customers every month. Our subscription-based, direct-to-consumer model relies on technology at every step, from customer-facing apps and personalization logic to pricing, forecasting, supply chain optimization, and initiatives that help reduce food waste. While our brands operate independently to serve distinct customer needs, they are united by shared platforms, data, and operational excellence built by HelloTech. HelloTech works in autonomous, cross-functional alliances, each owning a specific product or domain end to end. By working with our Warsaw office, you will help shape scalable, data-driven products used across our markets, working with a modern tech stack and international teams to continuously improve how people discover, order, and enjoy HelloFresh’s products, today and in the future.

About the role: What's in the Box

The service provider will collaborate with the HelloTech security organization to ensure HelloFresh remains a trusted global brand. This engagement focuses on the maintenance and iteration of the Vulnerability Management Program, providing comprehensive coverage across Penetration Testing, Red Teaming, Cloud Assessments, Source Code Reviews, and Bug Bounty initiatives. As an external expert, the contractor will deliver specialized offensive security services to identify risks and strengthen the organization's defensive posture.

What you’ll do: The Recipe

  • Perform network and cloud penetration testing, web and mobile application security assessments, and source code reviews.

  • Conduct specialized threat analysis, wireless network assessments, and social-engineering simulations.

  • Develop comprehensive technical reports and presentations tailored for both technical stakeholders and executive leadership.

  • Communicate findings and remediation strategies effectively to primary stakeholders, including technical staff and legal counsel.

  • Utilize formal project management methodologies for the planning, tracking, and reporting required to close the remediation loop.

  • Safely employ attacker tools, tactics, and procedures (TTPs) to identify vulnerabilities and analyze system weaknesses.

  • Develop custom scripts, tools, and methodologies to enhance the efficiency of the Vulnerability Management Program.

What you’ll bring: The Ingredients

  • 4-7 years of professional experience demonstrating advanced proficiency in at least four of the following: Network, Wireless, Cloud, Web, Mobile, API Assessments, Source Code Review, Red Teaming, or Social Engineering.

  • Thorough technical understanding of network protocols, client-server models, application architecture, and diverse classes of security flaws.

  • Proven proficiency in a modern scripting language such as Python or Go.

  • Relevant offensive security certifications, such as OSWE, GWAPT, or equivalent mobile/web penetration testing credentials.

  • Active participation in web hacking challenges, security competitions, or public bug bounty programs.

  • Experience in the development of tools or plugins specifically for security testing and analysis.

  • Ability to develop, extend, or modify exploits, shellcode, or associated exploit tools.

  • Expertise in performing source code reviews for control flow analysis and security flaws.

  • Strong command of industry-standard tools used for cloud, wireless, web, and network security testing.

Above all, we are looking for individuals who will make HelloFresh better. We believe there are many different ways of developing skills and we love diverse experiences! So even if you don’t “tick all the boxes” but think you’d thrive in this role, we would really like to learn more about you. 

What we offer: The Toppings

  • Global collaboration at scale: Collaborate with experienced engineers and product partners across HelloTech’s international teams, in a culture of active knowledge sharing.

  • Technology with real-world impact: Build and operate modern systems at global scale, supporting 6+ million customers and complex supply chain operations.

  • Technical/Product/Design leadership: Drive best practices and influence architecture/design, quality, and ways of working in an autonomous, product-led setup.

  • End-to-end development/delivery: Drive decisions from problem definition to production, improving systems and enabling long-term scalability.

  • Access to workspace at Warsaw Centre Point: The hub offers modern facilities including showers, breakout zones, outdoor space, cycle parking, and refreshments (coffee, soft drinks, and fruit).

Are you the missing ingredient? If this sounds like a tasty opportunity, we’d be excited to hear from you. We aim to review your profile and respond within 5 business days.

Tech stack

  • English: C1

  • AWS: regular

  • Python: regular

  • Azure DevOps: junior

About the company

HelloFresh

We are the world's leading integrated food solutions provider, operating in 16 geographies with a portfolio of 8 brands that offer meal kits, ready-to-eat meals, and specialty products such as pet food and high-quality m...