Allegro
Allegro
New

Mid Cybersecurity Engineer - AppSec/SecDev

Brak informacji o wynagrodzeniu
MidFull-time·Umowa o pracę
#384645·Dodano wczoraj·0
Źródło: justjoin.it
Aplikuj teraz

Tech Stack / Keywords

APIAISDLCSASTDASTSCA

Firma i stanowisko

Allegro is a technology company operating a massive, real-time marketplace with over 1000 microservices and advanced infrastructure including an open-source data bus and Service Mesh. The team is based in Warsaw and Poznań and works on securing a cloud and on-premises environment of high availability and performance. The company invests in modern tools and internal knowledge sharing, maintaining active participation in tech communities and organizing conferences.

Wymagania

  • Proven experience in deep manual penetration testing of web/mobile applications, APIs, and AI-driven features along with strong secure code review skills.
  • Solid understanding of financial tech security standards including PCI-DSS, PSD3/DORA, OWASP Top 10, API Top 10, and secure handling of sensitive data.
  • Practical experience embedding security into the SDLC, analyzing software architectures, reviewing new features, and leading threat modeling sessions.
  • Hands-on experience designing, tuning, and deploying SAST, DAST, and SCA tools in fast-paced CI/CD pipelines without blocking release velocity.
  • Ability to independently triage, risk-score, and manage vulnerabilities across APIs, microservices, and financial infrastructure.
  • Familiarity with microservices architectures, cloud security, containerization, and secure system configuration.
  • Self-starter mindset with full task ownership, effort estimation, and clear communication of actionable security guidance to engineering and product teams.

Obowiązki

  • Design, execute, and report manual and automated security tests across APIs, microservices, and fintech infrastructure, identifying vulnerabilities and assessing business risks.
  • Manage the vulnerability lifecycle from identification and risk-scoring tailored to financial impact to tracking remediation with engineering teams.
  • Review architectural designs and new financial feature proposals, acting as the main security liaison and leading threat modeling sessions.
  • Support DevSecOps practices by integrating and tuning automated security tools (SAST, DAST, SCA) into CI/CD pipelines while maintaining deployment velocity.
  • Support development of secure system configurations, monitor cloud applications, and implement preventive measures against emerging fintech threats.
  • Collaborate with product and tech teams during design and grooming ceremonies to consult and verify security-enhancing solutions.
  • Take ownership of impactful security initiatives from design through delivery with clear estimates, prioritization, and problem resolution.
  • Contribute to raising team security maturity through documentation, knowledge-sharing sessions, mentoring, and participation in hiring.

Benefity

  • Flexible working hours in a hybrid model (4 office days, 1 remote day) with work start between 7:00 and 9:00 a.m. and 30 days of occasional remote work.
  • Annual bonus based on performance and company results.
  • Well-located offices with fully equipped kitchens, bicycle parking, terraces, ergonomic chairs, and interactive conference rooms.
  • Choice of MacBook Pro (14" or 16") or Dell with Windows and necessary accessories.
  • Cafeteria plan with a wide selection of fringe benefits including medical, sports, lunch packages, insurance, and purchase vouchers.
  • Employer-paid English classes related to job requirements.
  • Training budget, inter-team tourism, hackathons, and internal learning platform.
  • Additional day off for volunteering.
  • Social events such as Spin Kilometers, Family Day, Fat Thursday, Advent of Code.
Elastyczne godziny
Premie
Parking dla rowerów
Opieka zdrowotna
Ubezpieczenie
Dofinansowanie szkoleń
Kursy językowe
Karta sportowa
Spotkania integracyjne

Inne informacje

Informacja o przetwarzaniu danych osobowych zgodnie z wymogami prawa polskiego: dane podaje się dobrowolnie poza obowiązkowymi ustawowo, przetwarzanie jest prowadzone przez Allegro.pl Sp.z.o.o. w Poznaniu, z prawem do zgłaszania sprzeciwu, usunięcia, przeniesienia danych oraz składania skarg do organu nadzorczego.

Allegro

Allegro

110 aktywnych ofert

Zobacz wszystkie oferty
Aplikuj teraz