Application Security Expert

T-Mobile Poland is a leader in telecommunication, dedicated to providing innovative solutions that drive growth and efficiency for clients. The company emphasizes security and integrity in its operations.

• 4+ years of full-time commercial application security experience
• 4+ years of experience in software development, preferably in cloud environment
• Experience in architecting and building application security on modern tech stacks across multiple platforms (web, mobile, desktop)
• Prior experience in performing threat modelling and secure design reviews
• Familiarity with cloud services and their security best practices and secure design patterns, especially AWS
• Kubernetes and containerization security knowledge
• Knowledge of common application security vulnerabilities like OWASP Top 10 and cloud security gaps
• Knowledge of standards like OWASP Testing Guide, OWASP ASVS, NIST, and SANS top 20
• Proficiency in modern and common web stack technologies (HTTP, HTML5, AJAX, REST)
• Understanding of basic cryptography (encryption, hashing, MACs, digital signatures, TLS, password storage) and their application in web apps
• Knowledge of protocols (OAuth, SAML, OIDC), flows, and best practices
• At least basic knowledge in networks

Nice to have:

• Application Security related certificates
• Cloud (Security) related certificates

• Identify opportunities to automate and standardize application security controls and cooperate with the CICD team
• Analyze source code to mitigate identified weaknesses and vulnerabilities
• Create guidelines and application security standards
• Review and check automated security testing results
• Perform software architecture design reviews for both on-prem and cloud deployments
• Work with engineering teams to help architect and implement solutions that are secure by design
• Define, document, and supervise implementation of security guidelines and standards
• Build frameworks and libraries to provide security by default