Senior Security Engineer
About the position
Webellian is a well-established Digital Transformation and IT consulting company committed to creating a positive impact for our clients. We strive to make a meaningful difference in diverse sectors such as insurance, banking, healthcare, retail, and manufacturing. Our passion for cutting-edge and disruptive technologies, as well as our shared values and strong principles, are what motivate us. We are a community of engineers and senior advisors who work with our clients across industries, playing a deep and meaningful role in accelerating and realizing their vision and strategy.
About the position
As a Security Engineer within the Advanced Analytics Team, you will own the technical security baseline for the platform. Your work is the implementation layer between compliance policy and production infrastructure: you design and operate the controls that make the platform private, hardened, and audit-ready. You will work closely with SREs, Platform Engineers, and the Governance team to ensure every workload on the platform (AI services, Java APIs, and frontend applications) meets Zone 4 security standards and regulatory requirements without becoming a bottleneck for delivery teams.
Key responsibilities:
Design and implement cloud security controls across the platform: network policies, private endpoints, Zone 4 compliance configurations, and Azure Policy enforcement.
Own workload identity and IAM for AKS: Azure Managed Identity, OIDC Workload Identity federation, RBAC scoping per namespace, and least-privilege access patterns for all platform services.
Manage secrets infrastructure: Azure Key Vault integration, secrets rotation policies, Kubernetes secrets standards, and audit logging for secrets access.
Implement and maintain container security controls: image scanning pipelines (Trivy), pod security admission, runtime security standards, and supply chain security (image signing and provenance).
Operate network security across the platform: private networking design, ingress controls, TLS certificate lifecycle management, and firewall rule governance.
Run vulnerability management: integrate scanning into CI/CD pipelines, triage CVEs across base images and platform dependencies, prioritize remediation, and track to closure.
Harden baseline configurations for AKS clusters, ACR, and Azure services; maintain documented security baselines and review them against CIS benchmarks and Azure Security Center recommendations.
Support audit and compliance requirements: design audit logging coverage, manage log retention, and produce evidence packages for GDPR and regulatory reviews in coordination with the Governance team.
Integrate threat detection: configure Azure Defender and Sentinel alerting for security events across the platform; own the security alerting runbook.
Translate compliance requirements from the Governance team into concrete technical controls; own the implementation — Governance owns the policy, you own the execution.
Required Experience & Skills
5+ years professional experience in cloud security, infrastructure security, or security engineering roles.
Strong Azure security services experience: Azure Defender for Cloud, Sentinel, Azure Policy, Key Vault, Private Endpoints, and Entra ID.
Kubernetes security expertise: RBAC design, network policies, pod security admission, Workload Identity, and namespace-level security isolation.
Container security experience: image scanning tooling (Trivy, Grype or equivalent), supply chain security practices (signing, provenance), and container runtime hardening.
IAM and identity depth: managed identities, service principals, OIDC federation, and least-privilege design patterns across cloud and Kubernetes environments.
Network security fundamentals: private networking architecture, ingress and egress controls, TLS management, and firewall policy governance.
Vulnerability management process experience: from scanning pipeline integration through CVE triage to tracked remediation.
Security compliance fundamentals: GDPR principles, audit logging design, data residency requirements, and access control frameworks.
Scripting proficiency in Python or bash for security automation and tooling integration.
Ways of Working
Comfortable in agile, iterative delivery environments; able to ship security improvements incrementally without blocking product teams.
Clear communicator across technical and non-technical stakeholders; translates security risk into business terms for Governance and leadership audiences.
Proactive learner with pragmatic adoption of AI-assisted developer tools (e.g., GitHub Copilot, Claude Code) to improve security automation and coverage.
Nice To Have
Cloud security certifications: AZ-500 (Azure Security Engineer), SC-100 (Cybersecurity Architect), or CISSP.
Policy-as-code experience: OPA/Gatekeeper or Azure Policy for automated compliance enforcement.
SIEM and SOAR experience: Azure Sentinel rule authoring, playbook automation, and incident orchestration.
Experience in regulated industries (insurance, finance, healthcare) where security controls must meet external audit and regulatory standards.
Exposure to zero-trust architecture patterns and their practical implementation in cloud-native environments.
Experience with secrets scanning and pre-commit security tooling integrated into developer workflows.
What we offer
Contract under Polish law: B2B or Umowa o Pracę
Benefits such as private medical care, group insurance, Multisport card
English classes available
Hybrid work (at least 1 day/week on-site) in Warsaw (Mokotów)
Opportunity to work with excellent professionals
High standards of work and focus on the quality of code
New technologies in use
Continuous learning and growth
International team
Pinball, PlayStation & much more (on-site)
Join a growing team of dedicated professionals! We love to pass on the knowledge to grow excellence, speak our minds without playing politics, and just enjoy hanging around together. If you share our passions - we want to meet you! So go ahead and apply ➡️