IT Security Specialist

Ceneo.pl is one of the largest e-commerce platforms in Poland and a leader among price and product comparison services in Europe. It has been supporting millions of Polish online shoppers for over 21 years, collaborating with major domestic and international stores and sales platforms. The company employs specialists from various fields united by passion and commitment to their projects.

• Strong knowledge of OWASP Top 10 and practical skills in detecting and describing web application security vulnerabilities
• Experience in conducting penetration tests (web, API, possibly mobile)
• Practical knowledge of tools like Burp Suite or similar
• Ability to collaborate with developers and product owners, translating technical risks into business language
• Understanding of typical web application architecture (frontend/backend, microservices, cookies, sessions)
• Basic understanding of cloud environments (Azure, GCP), CI/CD, and containerization (Docker/Kubernetes)
• Openness to developing skills in offensive security and DevSecOps
• Independence, initiative, and critical thinking skills
• English language proficiency sufficient for reading documentation and vulnerability reports
• Work model: 4 days in office, 1 day remote, plus 30 days occasional remote work annually

Nice to have:

• Experience in code security analysis
• Certifications in pentesting or web security
• Knowledge of techniques for detecting bots, frauds, and e-commerce application protections

• Identify and analyze vulnerabilities in web applications, focusing on production and staging environments
• Conduct manual and automated penetration tests on applications and infrastructure
• Collaborate with development and DevOps teams to design secure web and backend solutions
• Support security incident response through analysis, recommendations, and remediation participation
• Advise on implementing authorization, authentication, data protection, and anti-fraud mechanisms
• Engage in developing internal security processes and reviewing application architecture for attack vectors
• Participate in creating and maintaining technical security policies and DevSecOps practices
• Optionally conduct short technical workshops and presentations for engineering teams

By submitting an application, the candidate consents to personal data processing by Ceneo.pl sp. z o.o. for recruitment purposes and possibly future recruitment processes. Data will be processed for up to 36 months or up to 10 years in case of claims. Candidates have rights under GDPR including access, correction, deletion, processing limitation, data portability, and objection.