Senior Offensive Security Engineer

Join our team in Warsaw, where we’re collaborating on a cutting-edge fintech venture with a global industry leader. Together with our Partner – Klarna, we’re building an IT hub designed to drive innovation in digital payment solutions. We’re on the lookout for top-tier engineers who thrive in dynamic, forward-thinking environments. Spyrosoft is leading the recruitment process, facilitating a seamless experience for candidates who are ready to shape the future of online shopping and payments.

This opportunity is ideal for engineers who value independence, proactiveness, and flexibility. Our engagement begins with a B2B contract through Spyrosoft, transitioning to a direct contract with our Partner.

We offer a hybrid work model in Warsaw’s vibrant Wola district. English fluency and eligibility to work in Poland are essential, as is the successful completion of a background check to meet the rigorous standards of the financial domain.

Our process:

• CV selection
• Initial recruitment screening
• Technical interview
• Online logic test
• Cultural fit interview

Job description:

• Core Penetration Testing and Offensive Security

1. Conduct both white-box and black-box penetration tests on internal and public-facing applications and assets.
2. Manage, triage, and investigate Bug Bounty submissions and external penetration testing findings.
3. Perform variant analysis on vulnerabilities identified through different channels.

• Security Analysis and Research

1. Perform in-depth security analyses of third-party solutions.
2. Develop tools to improve reconnaissance, automation, and metrics collection.

• Collaboration and Guidance

1. Provide expert guidance to developers, product security teams, and the SOC to ensure effective issue remediation.
2. Share knowledge by delivering demos, workshops, and training sessions on offensive security practices.

• Technical Proficiency and Skills

1. Identify and address security issues in code, with a strong focus on Java and Node.js environments.
2. Work proficiently within cloud environments like AWS, leveraging modern microservices design principles.
3. Demonstrate strong scripting skills and contribute to larger Python projects.

• Security Program Development

1. Assess and enhance the security of the technology stack through appropriate measures.
2. Lead projects to promote a strong security culture and improve the organization’s overall security posture.

• Qualifications and Community Engagement

1. Possess industry-recognized certifications (e.g., OSCP, OSWE, CREST, GIAC).
2. Actively participate in Capture The Flag (CTF) competitions and contribute to the cybersecurity community.

• Communication and Initiative

1. Clearly and effectively communicate findings, providing actionable remediation recommendations beyond basic reports.
2. Take initiative to lead impactful projects that elevate the organization’s security culture. Educational Background
3. Candidates should have a strong educational background in Computer Science, Information Technology, or a related field, ensuring a solid foundation in technical principles essential for the position.

• Language Requirement

1. Strong English proficiency is essential, both written and spoken, to ensure effective collaboration and communication across teams.