Application/Product Security Engineer

Transition Technologies MS S.A. ("TTMS") is a global IT company and part of the Transition Technologies Group, one of the largest IT firms in Poland. Currently, TTMS employs nearly 800 specialists across eight offices nationwide.

TTMS supports large enterprises and global corporations by implementing and maintaining dedicated IT systems, as well as automating their business processes. TTMS is a partner of AEM, Salesforce, Microsoft, and others.

TTMS carries out unique, complex, and innovative projects across various industries. Thanks to flexible collaboration models and multidisciplinary teams, they provide end-to-end project solutions. The company focuses on environmentally friendly IT solutions.

TTMS leverages advanced AI-driven solutions to support the transformation of traditional processes into intelligent, automated operations. They assist in business process optimization (integration of Webcon + AI), low-code application development (Power Apps), and reporting (Power BI, Snowflake Data Cloud).

• University degree in Computer Science or similar field.
• Understanding of programming languages such as Java, C#, Python, or JavaScript.
• Strong understanding of application security principles and secure coding practices.
• Strong understanding of application security principles like network security, encryption, access management and their best practices.
• Experience with security tools and processes such as SAST, DAST, SCA, and vulnerability scanners (e.g., SonarQube, OWASP ZAP, Nessus, Invicti).
• Knowledge of security frameworks (e.g., OWASP Top Ten, NIST, ISO 27001), cloud platforms (e.g., AWS, Azure, Google Cloud) and their security features.
• Hands on experience with containerization and orchestration tools such as Docker and Kubernetes.
• Solid understanding of OS principles and security (unix, linux, windows).
• Fluency in English.
• Certifications: Relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or Offensive Security Certified Professional (OSCP) are a plus.

Nice to have:

• OT/IoT experience

• Conduct regular security assessments, including threat modeling, Attack Surface Analysis, Critical Analysis.
• Design and implement security architecture and controls for new and existing products.
• Review source code for security vulnerabilities and provide actionable feedback to development teams.
• Educate and advocate for secure coding practices among development teams through workshops, training sessions, and documentation.
• Evaluate and implement application security tools (e.g., static and dynamic analysis tools) to automate security testing processes.
• Assist in incident response activities related to application security breaches, including root cause analysis and remediation strategies.
• Work closely with cross-functional teams, including software developers, DevOps, and IT security, to ensure security considerations are integrated into the development process.
• Monitor application security metrics and provide regular reports to management on security posture and compliance.

We reserve the right to contact the selected candidates.