Application Security Specialist (regular/senior) (She/He/They)
Company and position
Accenture is a leading global professional services company with approximately 791,000 people serving clients in more than 120 countries. The Cyber Security team, part of Accenture Security, assists clients in securing hybrid environments and applications at every stage of the software development lifecycle, integrating security into the SSDLC process.
Requirements
- Strong motivation to develop in the area of Application Security and a mindset of continuous learning and skill development in cybersecurity, secure software engineering, and emerging technologies.
- Solid background in IT or software development, with proven experience in engineering, architecture, or operational roles, combined with hands‑on or growing expertise in cybersecurity.
- Good understanding of end‑to‑end application and system architectures, including layered and monolithic architectures, microservices‑based architectures, event‑driven architectures, and service‑oriented architectures (SOA).
- Basic knowledge of application security fundamentals, including OWASP Top 10, OWASP ASVS, OWASP API Top 10, secure coding best practices, common vulnerability classes and exploitation techniques.
- Practical understanding of common attack techniques, such as XSS, CSRF, SQL Injection, deserialization issues, authentication bypasses, and privilege escalation, as well as familiarity with MITRE ATT&CK / CAPEC frameworks.
- Knowledge of authentication, authorization, and session management concepts, including standards and protocols such as OAuth 2.0, OpenID Connect, SAML, SSO, and modern identity‑centric security models.
- Good understanding of cryptographic concepts and best practices, including encryption, hashing, key management, and secure use of cryptographic libraries.
- Knowledge of Secure Software Development Lifecycle (SSDLC) principles, including security requirements, secure design, secure coding, testing, vulnerability management, and release governance.
- Experience or knowledge of REST APIs, API security concepts, and API Gateway architectures.
- Ability to analyze source code, APIs, and Infrastructure‑as‑Code (IaC) from a security perspective.
- Interest in securing AI‑enabled applications, platforms, or services, including LLM‑based systems.
- Proficiency in at least one programming language at a good level, such as Java, .NET / C#, JavaScript, Go, or scripting languages like Python.
- Experience with or strong understanding of static application security testing (SAST) and code review from a security perspective.
- Ability to perform or support threat modeling for applications and systems, considering business logic, architecture, and deployment models.
- Knowledge of Reverse Engineering and Malware Analysis concepts and techniques.
- Strong communication skills and ability to support development teams in vulnerability analysis and remediation.
- Fluency in English and Polish, both spoken and written, due to collaboration with international teams and clients, often in a remote setup.
Nice to have:
- Hands‑on experience with at least one major cloud platform: Azure, AWS, or Google Cloud Platform (GCP).
- Experience securing CI/CD pipelines, build systems, and artifact repositories.
- Familiarity with software supply chain security, including dependency scanning, SBOMs, third‑party risk, and open‑source security.
- Experience working with Git, Jira, and Agile / DevSecOps methodologies.
- Understanding of AI / ML system architectures, including data pipelines, model training, model storage, inference services, and API‑based integration.
- Ability to leverage AI‑powered security tools for code analysis, vulnerability detection, threat analysis, or security automation.
- Understanding of governance, risk, and compliance aspects related to the secure and responsible use of AI.
- Awareness of AI‑specific security risks, such as prompt injection and model manipulation; data poisoning and training data leakage; insecure model exposure and unauthorized inference; and abuse of AI agents and automation.
Responsibilities
- Collaborate closely with architecture, product, and development teams to embed security principles from the earliest stages of the Software Development Life Cycle (SDLC), following a security‑by‑design and shift‑left approach.
- Perform application and system security assessments in accordance with recognized industry standards and frameworks, including OWASP ASVS, OWASP Top 10, OWASP API Top 10, CWE Top 25, and other relevant security best practices.
- Design, implement, and govern security controls across the SDLC and SSDLC, ensuring consistent application of secure coding standards, security gates, and automated security testing.
- Conduct security architecture reviews for end‑to‑end solutions, including hybrid, cloud‑native, containerized, microservices‑based, and event‑driven architectures.
- Analyze and assess the security of application code, APIs, infrastructure‑as‑code (IaC), CI/CD pipelines, and supporting platforms.
- Support the design of modern, secure development environments, including secure CI/CD pipelines, hardened build environments, secure artifact repositories, and developer tooling.
- Define and drive Secure Software Development Lifecycle (SSDLC) processes, from security requirements definition and prioritization to software supply chain security, including dependency management, third‑party risk, and SBOM analysis.
- Perform threat modeling for applications and systems, with a strong focus on hybrid, distributed, and cloud‑based environments, identifying risks and proposing effective mitigation strategies.
- Provide hands‑on support to development teams in analyzing, prioritizing, and mitigating identified vulnerabilities, ensuring pragmatic and scalable security solutions.
- Assess and secure AI‑enabled systems and platforms, including applications based on machine learning, large language models (LLMs), and AI agents, across their full lifecycle.
- Identify and mitigate AI‑specific security risks, such as model abuse, prompt injection, data poisoning, training data leakage, insecure model deployment, and unauthorized model access.
- Define security requirements and controls for AI pipelines, including data ingestion, model training, model storage, inference APIs, and integration with existing systems.
- Leverage AI‑based security tools and automation to enhance vulnerability detection, code analysis, threat detection, and security operations efficiency.
- Support governance and compliance efforts related to responsible and secure use of AI, including risk assessments, security controls, and alignment with internal and external regulations.
Offer
- Permanent employment contract.
- Individual support of a People Lead and a specific path of professional development, as well as the possibility of a session with a Coach.
- A wide training package (soft, technical, and language training offer, access to the e-learning platforms, Gallup test, GenAI training, possibility of co-financing courses, and certification).
- Employee Assistance Program - legal, financial, and psychological consultations.
- Accenture employees eligible for the Employee share purchase plan automatically become eligible for quarterly dividends if they own company shares.
- Paid employee referral program.
- Private medical care, life insurance.
- Access to the Worksmile platform (possibility of using a wide range of products and services, including the Multisport card).
Other information
Accenture does not discriminate against employment candidates on the basis of race, religion, color, sex, age, disability, national origin, political beliefs, trade union membership, ethnicity, denomination, sexual orientation or any other basis impermissible under Polish law. All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, sexual orientation, gender identity or expression, marital status, citizenship status or any other basis as protected by applicable law.