Mid Cybersecurity Engineer - AppSec/SecDev
Tech Stack / Keywords
Firma i stanowisko
Allegro is a technology company operating a massive, real-time marketplace with over 1000 microservices and advanced infrastructure including an open-source data bus and Service Mesh. The team is based in Warsaw and Poznań and works on securing a cloud and on-premises environment of high availability and performance. The company invests in modern tools and internal knowledge sharing, maintaining active participation in tech communities and organizing conferences.
Wymagania
- Proven experience in deep manual penetration testing of web/mobile applications, APIs, and AI-driven features along with strong secure code review skills.
- Solid understanding of financial tech security standards including PCI-DSS, PSD3/DORA, OWASP Top 10, API Top 10, and secure handling of sensitive data.
- Practical experience embedding security into the SDLC, analyzing software architectures, reviewing new features, and leading threat modeling sessions.
- Hands-on experience designing, tuning, and deploying SAST, DAST, and SCA tools in fast-paced CI/CD pipelines without blocking release velocity.
- Ability to independently triage, risk-score, and manage vulnerabilities across APIs, microservices, and financial infrastructure.
- Familiarity with microservices architectures, cloud security, containerization, and secure system configuration.
- Self-starter mindset with full task ownership, effort estimation, and clear communication of actionable security guidance to engineering and product teams.
Obowiązki
- Design, execute, and report manual and automated security tests across APIs, microservices, and fintech infrastructure, identifying vulnerabilities and assessing business risks.
- Manage the vulnerability lifecycle from identification and risk-scoring tailored to financial impact to tracking remediation with engineering teams.
- Review architectural designs and new financial feature proposals, acting as the main security liaison and leading threat modeling sessions.
- Support DevSecOps practices by integrating and tuning automated security tools (SAST, DAST, SCA) into CI/CD pipelines while maintaining deployment velocity.
- Support development of secure system configurations, monitor cloud applications, and implement preventive measures against emerging fintech threats.
- Collaborate with product and tech teams during design and grooming ceremonies to consult and verify security-enhancing solutions.
- Take ownership of impactful security initiatives from design through delivery with clear estimates, prioritization, and problem resolution.
- Contribute to raising team security maturity through documentation, knowledge-sharing sessions, mentoring, and participation in hiring.
Benefity
- Flexible working hours in a hybrid model (4 office days, 1 remote day) with work start between 7:00 and 9:00 a.m. and 30 days of occasional remote work.
- Annual bonus based on performance and company results.
- Well-located offices with fully equipped kitchens, bicycle parking, terraces, ergonomic chairs, and interactive conference rooms.
- Choice of MacBook Pro (14" or 16") or Dell with Windows and necessary accessories.
- Cafeteria plan with a wide selection of fringe benefits including medical, sports, lunch packages, insurance, and purchase vouchers.
- Employer-paid English classes related to job requirements.
- Training budget, inter-team tourism, hackathons, and internal learning platform.
- Additional day off for volunteering.
- Social events such as Spin Kilometers, Family Day, Fat Thursday, Advent of Code.
Inne informacje
Informacja o przetwarzaniu danych osobowych zgodnie z wymogami prawa polskiego: dane podaje się dobrowolnie poza obowiązkowymi ustawowo, przetwarzanie jest prowadzone przez Allegro.pl Sp.z.o.o. w Poznaniu, z prawem do zgłaszania sprzeciwu, usunięcia, przeniesienia danych oraz składania skarg do organu nadzorczego.
Allegro
110 aktywnych ofert