    Application Security Senior Specialist

    Kraków
    Type of work: Full-time
    Experience: Senior
    Employment Type: B2B
    Operating mode: Remote

    Tech stack

    • PSD2: regular
    • DORA: regular
    • Cybersecurity: regular
    • SecOps: junior

    Job description

    Online interview

    About us:


    The Digital & Data department of Íslandsbanki is a collaborative group of software development professionals who work together following best practices and processes to deliver high-quality software solutions and capabilities.

    • We believe in agile methodologies and cross-team synergy in product ideation and delivery
    • We reach our development goals by encouraging team autonomy, employing a modern technology stack and automated processes, deployment pipelines, testing, and quality gates


    As a Security Specialist, you will take ownership of security assessments, risk management, and process implementation in compliance with key regulations, including DORA, PSD2, and ISO27001. You will work closely with cross-functional teams to embed security practices in the development lifecycle, ensure an effective response to security incidents, and drive continuous improvement across the bank’s cybersecurity strategy.

    This is a high-impact role for a proactive, detail-oriented security professional with strong technical depth, a collaborative mindset, and the ability to manage multiple complex projects in a fast-paced environment.


    Responsibilities:

    • Security Testing: Perform static (SAST), dynamic (DAST), and interactive (IAST) security testing to identify vulnerabilities. Work with teams to implement fixes and improve security postures.
    • Secure Code Review: Review code for security flaws and ensure alignment with coding standards and best practices. Integrate security into the software development lifecycle.
    • Security Training: Lead security training initiatives for developers, QA teams, and other stakeholders to foster a culture of security awareness.
    • Vulnerability Identification and Remediation: Regularly assess IT systems for security vulnerabilities. Collaborate with development teams to remediate identified risks through secure coding practices, dynamic testing, and other mitigation techniques.
    • Compliance Management: Ensure that security processes align with regulatory frameworks (DORA, PSD2, ISO27001) and conduct regular audits and assessments to maintain compliance.
    • Threat Modeling: Analyze applications and systems to identify potential threats and attack vectors. Develop and maintain threat models to prioritize security efforts.
    • Incident Response: Participate in incident response activities by investigating, containing, and mitigating security breaches, working closely with response teams.
    • Cross-Team Collaboration: Support cross-organizational efforts to develop security standards and processes. Work with stakeholders to promote secure development practices across the organization.
    • Process Improvement: Continuously refine security assessment and risk management processes to improve efficiency and effectiveness.
    • Stakeholder Communication: Build positive working relationships with stakeholders and leadership, providing clear insights and guidance on security matters.


    Qualifications:

    • Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience.
    • 4+ years of experience in cybersecurity, application security, or a related field.
    • Proven experience managing cross-functional or cross-team security projects.
    • Familiarity with regulatory standards and frameworks such as DORA, PSD2, and ISO27001.
    • Strong analytical and problem-solving skills, with the ability to think creatively and drive security improvements in a dynamic environment.
    • Ability to collaborate effectively with technical and non-technical teams, with strong communication and influencing skills.
    • Certifications such as CISSP, CEH, or equivalent are highly desirable.
    • Experience with cloud computing, networking, cloud application design, and development processes.
    • Proficiency in program management and the ability to handle multiple projects simultaneously.
    • Understanding of modern AppSec, DevSecOps and SecOps practices.
    • Self-motivated and able to work independently with limited supervision.


    What do we offer?

    Self-development:

    • Upskilling trainings
    • Up to 10% of your week dedicated to self-development
    • Conference and education budget – you name events!
    • Icelandic language courses during working hours


    Physical wellbeing:

    • Multisport card
    • Healthcare plan
    • Life insurance policy
    • Restaurant pre-paid card
    • On-site restaurant and fully equipped kitchen including healthy snacks and breakfasts/coffee/refreshments


    Work arrangement:

    • A competitive salary 23k-28k net on B2B contract
    • 25 days 100% paid time off (B2B)
    • Premium hardware (PC, screens, headphones)
    • Company phone
    • Flexible work schedule, emphasis on work-life balance
    • (Almost) remote work model. We ask you to take part in 2-3-day all-team workshops or on-site work in the office, which generally happen every 3 months.
    • Modern office in the center of Warsaw in CIC, offering yoga, game and wellness rooms, rooftop terrace, children's playroom, events and networking
    • Occasional business travel to Iceland with some extra days on-site to visit the island
    • Social events and team building activities


    Recruitment Process:

    We want to make sure our recruitment process is clear and transparent, so here’s what you can expect:

    1. Initial Call (30 minutes): This first conversation is an opportunity for us to introduce the company and the role, and for you to share more about yourself. It's a chance for us to get to know each other better in a relaxed, informal setting.
    2. Technical Interview with the Hiring Manager: If we move forward, you’ll meet with the hiring manager. This stage involves a deeper dive into the technical aspects of the role, as well as the specific tasks and challenges you'll be working on. You’ll also learn more about the team structure and dynamics.
    3. Technical Test (if applicable): In some cases, we may include a short test to assess specific knowledge or skills related to the role.
    4. Team Interview: Next, you’ll have the opportunity to meet some of your potential team members. This step focuses on culture fit and collaboration within the team.
    5. Final Interview with the Polish Team Manager: In the last step, you’ll have a conversation with the manager of the Polish team. This is usually the final discussion before moving forward with an offer, which we hope to extend soon after!

    We’re excited to guide you through this process and are looking forward to potentially welcoming you to our team!
