Senior Application Security Engineer

About ShiftKey

ShiftKey is a platform that is disrupting the way healthcare facilities find licensed and certified professionals to fill available shifts. Leveraging marketplace dynamics and deep industry knowledge, the company is playing a vital role in mitigating America’s healthcare staffing shortages, enabling direct connections between facilities and healthcare professionals. By offering the opportunity to work as much or as little as they choose and putting the power back into the hands of healthcare workers, ShiftKey is bringing more licensed professionals back into the workforce, a solution that is solving a major crisis in healthcare. For more information, visit www.ShiftKey.com.

The role

We're looking for a Senior Application Security Engineer to join our global Information Security team at ShiftKey. In this role, you’ll get to work with cutting-edge technologies, enjoy a high degree of autonomy, and help shape the future of our application security program. This position marks our second location in Poland, offering you a unique chance to collaborate with colleagues around the globe.

You’ll work with technologies like Veracode (dynamic and static scanning), AWS Security Stack (WAF, Guard Duty, Shield, Security Hub), Kafka, Jira, and Burp Suite.

Where you’ll work

You have to be located in Poland to be considered for this position. You’ll have the flexibility to choose between remote work or working from our office in Warsaw.

What you’ll be doing

• Collaborating with software development teams to define and implement security requirements during the design and architecture phases of application development.
• Defining and advocating secure coding practices and coding standards within development teams.
• Providing guidance and training to developers on secure coding principles and techniques.
• Automating security testing processes to seamlessly integrate security into the development lifecycle.
• Collaborating with incident response teams to respond to and manage application-related security incidents.
• Analyzing application vulnerabilities and offering expert guidance to development teams on effective remediation methods.

What you’ll need

• Minimum of 5 years of experience in application security, secure application development, or related roles that contribute to a strong foundation in software development.
• Proficiency in at least one scripting language (Python or JavaScript); additional languages are a plus.
• Familiarity with application security frameworks (e.g., STRIDE, OWASP) and experience with development tools such as GIT.
• Hands-on experience with application security testing tools (e.g., SAST, DAST, IAST); experience with a combination of these tools is preferred.
• Strong analytical and problem-solving skills, with the ability to analyze complex security issues and articulate solutions clearly.
• Proven ability to collaborate effectively with cross-functional teams, including development, operations, and compliance, while promoting a culture of security awareness through training, documentation, and regular communication.

Perks of working for ShiftKey

• A high-growth, friendly, and engaging work environment with the potential for career development opportunities.
• Above standard paid time-off policy.
• Remote work option (we meet up once per quarter) or work in the office, whatever works for you!
• Modern office, overlooking Vistula River with recreational facilities.
• Private Medical Care.
• Sport Card.
• Life Insurance.
• Latest work equipment.