Cyber Security Engineer (Application Security)

Sirocco is an IT provider specializing in business systems, mobile and web applications, with over 15 years of experience. The company delivers top specialists and solutions for clients, including a leader in the automotive industry.

• Up to 5 years of experience in application cybersecurity or product security.
• Practical experience in threat analysis and risk assessment.
• Knowledge of cybersecurity principles and common application vulnerabilities (OWASP Top 10, CWE, CVE).
• Ability to analyze code repositories and identify potential security issues.
• Experience interpreting security test results and translating them into actionable tasks for development teams.
• Basic knowledge of penetration testing and application security assessment methods.
• Ability to analyze system architecture and identify potential attack vectors.
• Familiarity with UNECE R155 regulation.
• Good understanding of network and application security.
• Effective collaboration skills with technical teams and business stakeholders.
• Strong communication and organizational skills.
• English language proficiency for international work environment.
• Problem-solving orientation.
• Ability to build cooperation and influence technical teams.
• Independence and responsibility for assigned areas.
• Willingness to ask difficult questions and escalate critical security issues.
• Proactive approach to risk identification and process improvement.

Nice to have:

• Experience in software development or developer background.
• Experience leading or supporting penetration tests.
• Knowledge of AWS or other cloud platforms.
• Familiarity with SAST, DAST tools, and vulnerability management.
• Experience with Secure SDLC processes.
• Knowledge of automotive environments and cybersecurity requirements for the automotive industry.

• Supporting development teams in secure software design and development.
• Conducting threat analysis and risk assessment (Threat Analysis, TARA).
• Participating in security tests, code reviews, and analyzing results from SAST, DAST, and penetration tests.
• Identifying security vulnerabilities and recommending remediation actions.
• Collaborating with development teams on vulnerability analysis and mitigation (CVE, CWE, OWASP).
• Analyzing solution architecture to identify potential security weaknesses.
• Supporting product and process compliance with UNECE R155 requirements.
• Coordinating security-related activities among project teams.
• Independently managing assigned cybersecurity projects.

The data controller is Sirocco Mobile based in Warsaw. Candidates have rights regarding their personal data including access, correction, deletion, restriction, objection, portability, and complaint to supervisory authorities. Data processing is for recruitment purposes. Providing data required by labor law is mandatory; other data is voluntary. Refusal to provide mandatory data may prevent recruitment. Data is processed until recruitment ends and for potential claims. Consent for future recruitment can be withdrawn anytime. Data recipients include Just Join IT and other entities involved in recruitment processing.