Application Security Team Lead

SmartRecruiters Inc. delivers an AI-powered hiring platform built for global scale, automating and optimizing the entire talent acquisition process. In 2025, SmartRecruiters joined SAP, combining AI innovation with SAP's ecosystem. The company operates with empowered product teams responsible for business outcomes and autonomy in problem-solving.

• Significant professional experience in Application Security, Product Security, or Secure Software Development, with a demonstrated track record of leading or mentoring security engineers
• Proven ability to lead a small team: set priorities, delegate effectively, develop people, and deliver results through others while staying technically hands-on
• Deep understanding of common vulnerability classes (injection, broken access control, cryptographic failures, SSRF, etc.) and secure design principles
• Strong hands-on experience with penetration testing of web applications, APIs, and modern cloud-native architectures
• Solid knowledge of authentication, authorization, cryptography, and API security patterns
• Experience building or maturing an application security program: defining processes, tooling strategy, and metrics
• Experience with security testing methodologies and tools across SAST, DAST, IAST, and SCA
• Familiarity with microservices architectures and cloud environments, particularly AWS
• Excellent communication skills: able to articulate technical risks to engineers, translate security priorities for leadership, and build trust across teams

• Lead and grow a team of Application Security Engineers, setting direction, coaching, and owning the AppSec roadmap and KPIs
• Drive end-to-end application security: threat modeling, design reviews, internal penetration testing, manual/automated code reviews, and security testing (SAST/DAST/IAST/SCA)
• Own vulnerability management and bug bounty: define processes and SLAs, triage and validate findings, and drive remediation with engineering teams
• Define and optimize the AppSec tooling stack, integrating security deeply into CI/CD and developer workflows to "shift left" without slowing delivery
• Secure AI/ML features and LLM integrations, assessing AI-specific risks and defining guardrails and best practices for safe adoption
• Set secure coding standards (OWASP) and scale a security-first culture through training, documentation, and security champion initiatives

You may be located anywhere in Poland and work remotely or out of the Cracow office.