Senior Application Security Specialist

19 000 - 24 000 PLN/month · Employment contract (gross)
Senior · Full-time · Employment contract
#333787 · Added 21 days ago · 5
Source: nofluffjobs.com

Tech Stack / Keywords

Security

Company and position

EcoVadis is hiring for a role focused on application security with an emphasis on AI integration, cloud security, and penetration testing. The position involves ensuring software products, including web and mobile applications, are secure throughout the Software Development Life Cycle (SDLC) and addressing security challenges specific to AI-driven applications.


Requirements

  • 3+ years of professional experience in Application Security, Penetration Testing, or Secure Software Development.
  • Practical experience with Azure cloud solutions and securing SaaS platforms.
  • Familiarity with OWASP Top 10 for LLM Applications and risks related to Generative AI and Machine Learning models.
  • Understanding of common web and mobile application vulnerabilities (e.g., OWASP Top 10, SANS Top 25) and remediation methodologies (e.g., OWASP WSTG).
  • Hands-on experience with application security tools.
  • Experience integrating security checks into CI/CD pipelines (e.g., Azure DevOps).
  • Bachelor’s or Master’s degree in Computer Science, Cyber Security, or related technical field.
  • Excellent English communication skills, both written and verbal.

Additional Qualifications:

  • Professional certifications such as OSCP, OSWE, or specific cloud/AI security credentials.
  • Basic understanding of application performance monitoring (APM) and observability.
  • Experience with AI/ML security frameworks like MITRE ATLAS or NIST AI RMF.
  • Experience contributing to Business Continuity (BCP) or Disaster Recovery (DR) strategies.
  • Experience securing applications in Azure, AWS, or GCP and knowledge of Kubernetes.

Personal Attributes:

  • High level of proactivity and autonomy.
  • Strong planning, prioritization, and organizational skills.
  • Collaborative spirit with ability to challenge assumptions while working well with others.

Responsibilities

Secure SDLC & AI Integration:

  • Design, implement, and maintain security gates within CI/CD pipelines.
  • Explore and deploy AI-powered security tools to enhance vulnerability detection and automate triage.

Penetration Testing & Assessments:

  • Conduct regular internal penetration tests on web, mobile, and AI-based applications.
  • Coordinate with external security firms for third-party audits and manage remediation.

Securing AI/ML Solutions:

  • Conduct security reviews and threat modeling for AI-driven features addressing risks like Prompt Injection and Training Data Poisoning.

Threat Modeling:

  • Lead threat modeling sessions with architects and developers to identify attack vectors in traditional and LLM-based architectures.

Vulnerability Management:

  • Perform regular security assessments, triage findings, and coordinate remediation with engineering teams.

AI Security Governance:

  • Establish guidelines and best practices for secure use of AI coding assistants and third-party AI APIs.

Security Code Reviews:

  • Conduct manual and automated deep-dive code reviews, including AI-generated code.

Consultancy & Training:

  • Provide guidance on OWASP Top 10, OWASP Top 10 for LLM, and secure coding standards to product teams.

Application Resilience Support:

  • Monitor availability and performance dashboards to maintain system stability and support capacity planning.

Offer

  • Support with necessary office and IT equipment.
  • Flexible working hours.
  • Wellness allowance for mental and physical wellbeing.
  • Access to professional mental health support.
  • Referral bonus policy.
  • Learning and development opportunities.
  • Sustainability events and community involvement.
  • Peer recognition program.
  • Employee-led resource groups.
  • Optional fully covered or co-financed health care and life insurance.
  • Multisport card.
  • Multikafeteria.
  • Lunch card.
  • Hybrid work organization.
  • Remote work from abroad policy.
  • Internet and electricity bill allowance.
  • Additional day off for community service when volunteering.
Flexible hours
Health care
Insurance
Sports card
Bonuses

Other information

Offer available only for candidates eligible to work and live in Poland. Location: Hybrid in Warsaw (4 days per month in the office) / Full remote from Poland.

EcoVadis
