Code Security Engineer | f/m/d

No salary information
Mid · Full-time · Employment contract
#364143 · Added yesterday
Source: www.pracuj.pl

Tech Stack / Keywords

OWASP Top 10, SAST, Checkmarx, Fortify, SonarQube, Secure SDLC, DevSecOps, CI/CD, Java, JavaScript

Company and position

ERGO Technology & Services S.A. (ET&S), a member of the Munich Re and ERGO Group, delivers integrated IT and business services to international markets. The company focuses on advanced IT services and modern, business-driven technology solutions, supporting various end-to-end insurance processes including finance, operations, and underwriting. It operates offices in Warsaw and Gdańsk and fosters a dynamic, multicultural environment with strong global partnerships.


Requirements

  • Fluency in English
  • Experience performing secure code reviews and identifying application security vulnerabilities
  • At least 2 years of experience in a similar position
  • Strong understanding of OWASP Top 10 (Web & API) and common mitigation approaches
  • Knowledge of Secure SDLC and DevSecOps practices
  • Hands-on experience with SAST tools (e.g., Checkmarx, Fortify, SonarQube)
  • Familiarity with authentication, authorization, cryptography, and session management concepts
  • Ability to read and analyze code across multiple languages and technologies
  • Experience working with CI/CD pipelines and development workflows

Nice to have:

  • Experience working with multiple programming languages across large systems
  • Hands-on experience in Agile environments (Scrum/Kanban)
  • Experience supporting audits or compliance processes
  • Exposure to security testing across large enterprise environments

Responsibilities

  • Performing secure code reviews for web, mobile, and backend applications
  • Identifying security vulnerabilities in line with OWASP Top 10, SANS, and CWE standards
  • Analyzing and reviewing code written in languages such as Java, JavaScript, Python, C/C++, SQL, Swift, or similar
  • Reviewing pull requests and CI/CD pipelines to detect and address security issues early
  • Validating and triaging SAST findings, reducing false positives and prioritizing real risks
  • Providing clear and actionable remediation guidance, including secure coding examples
  • Participating in threat modeling and identifying design-level security risks
  • Collaborating with development, QA, and release teams throughout development cycles
  • Contributing to secure coding guidelines, standards, and best practices
  • Supporting audits, compliance, and security documentation
  • Tracking vulnerabilities through their lifecycle to ensure remediation
  • Preparing and communicating security findings and recommendations to stakeholders

Offer

  • Sharing the costs of sports activities
  • Private medical care
  • Sharing the costs of foreign language classes
  • Sharing the costs of professional training & courses
  • Life insurance
  • Remote work opportunities
  • Integration events
  • Employee referral program
  • Charity initiatives
  • Flexible working hours