Application Security Engineer

Who we are 

At The Stepstone Group, we have a simple yet very important mission: The right job for everyone. Using our data, platform, and technology, we create opportunities for job seekers and companies around the world to find a perfect match, in fair and equitable way. With over 20 brands across 30+ countries, we strive for fair and unbiased hiring.  

At our Tech Hub, located near Wilanowska Metro, we are here as more than 300 ambitious specialists who work on the development of our IT products. We are proud to be part of The Stepstone Group, a global expert in job-tech platforms and e-recruiting. 

Join our team of 4,000+ employees and be part of reshaping the labour market and becoming the world’s leading job-tech platform.  

The job at a glance  

As an Application Security Engineer, you will play a pivotal role in safeguarding our organization's applications and data. You will work closely with development teams to integrate security tools into our CI/CD pipelines, ensuring that security is baked into the development process from the outset. Additionally, you will be responsible for automating threat modeling, security testing, and vulnerability assessments to proactively identify and mitigate potential risks.

Your responsibilities

• CI/CD Integration: Develop and integrate security tools into our CI/CD pipelines to automate security testing, code analysis, and vulnerability scanning throughout the development lifecycle.
• Threat Modeling Automation: Create and maintain automated threat modeling processes to identify and assess potential security risks in our applications.
• Security Testing and Automation: Conduct and automate security testing activities, including vulnerability assessments, penetration testing, and code reviews, to identify and remediate security vulnerabilities.
• Web Application Architecture: Demonstrate a deep understanding of web application architecture and design principles to effectively assess and mitigate security risks.
• SDLC Knowledge: Apply knowledge of the Software Development Security Lifecycle (SDLC) to ensure security is integrated into all phases of the development process.
• Development Skills: Possess proficiency in .NET and Node.js development to contribute to secure coding practices and understand application vulnerabilities.

Your skills and qualifications

• Minimum 5 years of experience in application security or a related field.
• Strong understanding of security principles, practices, and frameworks (e.g., OWASP, NIST).
• Proficiency in scripting languages (e.g., Python, Bash).
• Experience with security tools and technologies (e.g., vulnerability scanners, Web Application Firewalls).
• Certification in cybersecurity (e.g., OSWE, OSCP, ).
• Experience with cloud-based security (e.g., AWS, Azure, GCP).
• Knowledge of DevOps practices and tools.

Software/Hardware 

• Mac/Dell laptop 
• Windows/macOS system 
• 2 monitors (24",27",32") 
• Adjustable desks 
• Slack+Teams 
• Atlassian tools 
• JIRA, Confluence  

Your benefits 

We’re a community here that cares as much about your life outside work as how you feel when you’re with us. Because your job shouldn’t take over your life, it should enrich it. Here are some of the benefits we offer: 

• Medical and dental care 
• Life insurance 
• Benefit platform budget 
• Employee Referral Program 
• Hackathons, Knowledge Sharing Hours 
• In-house projects 
• Events and integration parties 
• Charity initiatives, 2 extra volunteer days 
• English/German classes 
• Game room and chillout zone 

Our commitment 

Equal opportunities are important to us. We believe that diversity and inclusion at The Stepstone Group are critical to our success as a global company, so we want to recruit, develop, and keep the best talent. We encourage applications from everyone, regardless of background, gender identity, sexual orientation, disability status, ethnicity, belief, age, family or parental status, and any other characteristic.