IT Security Engineer

Description

Our mission at Netguru is to help entrepreneurs and innovators shape the world through beautiful software. We care about trust, taking ownership, and transparency. As a Certified B Corporation®, we offer a safe, inclusive and productive environment for all team members, and we’re always open to feedback. If you want to work from home and be a full time employee, great! We want to create the right opportunities for you.

Salary:

• PLN 12,000 - 19,200 monthly (B2B contract);
• PLN 10,000 - 16,000 monthly (Employment Contract); or
• EUR 2,800 - 4,500 monthly (B2B contract).

Curious about your tasks?

You will:

• Analyze clients’ needs regarding the secure architecture, data flows, user stories and infrastructure, and present recommendations during calls with clients and teams.
• Implement security controls into the Software Development Lifecycle: design, development, CI/CD, testing.
• Define non-functional and functional requirements for applications based on the security frameworks and standards: CIS, NIST, OWASP.
• Spread best practices in the area of the application security in development in teams.
• Analyze incidents in project and tools, suggest action points, look for root causes of those incidents.
• Perform security assessments and audits of applications (web and mobile), cloud infrastructure.
• Prepare and maintain policies and documentation on security controls in the software development.

Optionally, based on your skill, you may:

• Perform cloud and mobile applications’ penetration testing.
• Create functional and non-functional requirements for applications’ architecture and infrastructure based on compliance in healhtech, fintech, privacy protection.
• Support internal Information Security teams in ISO 27000-family and privacy-related cases.

Requirements

You must have:

• Proficiency in English (speaking and writing): min. B2+ CEFR.
• Knowledge of well architected secure patterns in application and infrastructure designs, including cloud providers: AWS, Azure, GCP.
• Knowledge of CI/CD concepts.
• Knowledge of protocols used in the Internet on the level which allows debugging and incident response.
• Knowledge of cryptography concepts.
• Great communication skills, both to technical personnel and executives/business owners.
• Knowledge of security frameworks and standards: CIS, NIST, OWASP ASVS, OWASP MASVS.
• Knowledge of security assessments and testing tools for infrastructure, web applications, mobile applications: Burp Suite, OWASP ZAP, MobSF, Trivy, Prowler.

Nice to have:

• Cloud-related security certifications, for example: Microsoft AZ-500, AWS Certified Security Specialty, Google Professional Cloud Security Engineer.
• Penetration testing skills, ideally confirmed with penetration testing certificates: eWPT, GWAPT, OSCP.
• Knowledge of ISO 27000-family framework and controls.
• Knowledge of EU regulations: GDPR, NIS2, CRA, DSA, USA regulations: HIPAA, HiTech, Final Omnibus Rule.
• Former experience as a DevOps, Cloud Engineer.

Benefits

• Access to the WorkSmile platform offering benefits adapted to your preferences.
• Support for your growth - a head/manager’s budget available to every employee.
• Discounts on Apple products.
• One-time PLN 1000 home-office bonus for B2B contractors, and PLN 175 monthly lump sum (ryczałt) for remote employees.
• Various internal initiatives: webinars, knowledge sharing sessions, internal conferences.

Here's what you can expect from the recruitment process:

• First, you'll meet with one of our recruiters to discuss the role and your experience.
• Next, you'll meet with one of our tech experts.
• If everything goes well, you'll have the opportunity to meet your leader at a final interview.

At Netguru, we're committed to creating an inclusive environment for everyone. If you require any disability-related adaptations during the recruitment process, please let us know. We're here to help!