Application Security Engineer II

Found in: beBee S PL - 1 month ago


Krakow, Poland Qualtrics Full-time

At Qualtrics, we create software the world's best brands use to deliver exceptional frontline experiences, build high-performing teams, and design products people love. But we are more than a platform - we are the creators and stewards of the Experience Management category serving over 18K clients globally. Building a category takes grit, determination, and a disdain for convention - but most of all it requires close-knit, high-functioning teams with an unwavering dedication to serving our customers.
When you join one of our teams, you'll be part of a nimble group that's empowered to set aggressive goals and move fast to achieve them. Strategic risks are encouraged and complex problems are solved together, by passing the microphone and iterating until the best solution comes to light. You won't have to look to find growth opportunities - ready or not, they'll find you. From retail to government to healthcare, we're on a mission to bring humanity, connection, and empathy back to business. Join over 6,000 people across the globe who think that's work worth doing.

 

Application Security Engineer II - Platform Security Team

The Challenge

As Qualtrics continues to expand the Experience Management (XM) platform, we must ensure that we're protecting our customers and their data by building and operating secure systems. As over a thousand software & system engineers contribute to Qualtrics XM every day, we have a large attack surface to evaluate and secure.

Qualtrics is looking for an experienced security engineer with a passion for security and the aptitude to uncover difficult-to-identify security bugs which require detailed knowledge of our complex systems. The selected candidate will work within the Application Security team and provide support across the product engineering organization.

The Application Security team is responsible for measures to improve and ensure the security of web & mobile applications, code and related components in Qualtrics SaaS products (including those of our acquired companies). The team owns secure development standards and training, security testing tools focused on the application layer (e.g., SAST, DAST, IAST, SCA), threat modeling, penetration testing, red team, bug bounty and vulnerability disclosure programs. Application Security works in collaboration with other teams within the Information Security organization, including infrastructure and cloud security, vulnerability management, security operations and incident response, and security assurance.

 

A Day in the Life

  • Use manual penetration testing techniques to identify or validate vulnerabilities in Qualtrics web applications, systems, networks and mobile applications
  • Leverage your accumulated knowledge of Qualtrics applications, systems and code, as well as findings from SAST, DAST, IAST, network vulnerability scanners and similar assessment tools to augment manual testing
  • Manage bug bounty and vulnerability disclosure programs, including the triage and validation of reported findings
  • Organize and/or support internal purple and red team exercises to systematically evaluate Qualtrics environments for security flaws
  • Document remediation recommendations and collaborate with engineers to ensure vulnerability findings are successfully and efficiently addressed
  • Document and improve secure SDL processes, standards and guidelines
  • Deliver training and provide mentoring to software engineers on security topics
  • Facilitate threat modeling exercises to ensure optimized security design decisions are being made
  • Make recommendations for architecture & design improvements to address recurring issues
  • Automate redundant tasks for assessment and related activities in order to optimize our team's efficiency and reach
  • Review source code & software/system designs, and consult with software engineers across the organization to identify and/or avoid security issues through alignment to security standards

 

The Expectation for Success

You will work effectively with the Qualtrics product engineering organization and fellow security engineers, providing reliable technical security expertise to identify and resolve security issues. You will seek to streamline and automate processes in order to deliver maximum results in limited time.

 

Minimum Qualifications

  • Bachelor's degree in Computer Science or a related field
  • Minimum 2 years of relevant work experience
  • Experience performing manual web application penetration testing as a job responsibility, including the use of professional penetration testing tools (e.g., Burp Suite)
  • Experience performing security reviews of source code & software/system designs
  • Understanding of application security vulnerabilities (e.g., OWASP Top 10), defense techniques and security best practices, including language-specific security practices and present-day threats
  • Experience with modern application development languages and frameworks (e.g., Node.js, Java, Golang, Python, React, Angular)

 

Preferred Qualifications

  • Experience with assessing and securing large, complex SaaS applications
  • Experience in threat modeling exercises
  • Experience in security projects and initiatives
  • Nice to have: one or more relevant security certifications (e.g., CEPT, CMWAPT, CPT, CEH, LPT, GWAPT, GPEN, GXPN, OSCP)
  • Familiarity with AWS, Docker, Kubernetes, Linux and similar technologies
  • iOS/Android mobile application pentesting experience
  • Prior software development experience

 

Our Team's Favourite Perks and Benefits
  • Annual Leave - 20 or 26 annual leave days per annum plus an additional day for each year of service (to a max of 5).
  • Private Medical Insurance - Luxmed health & dental cover for you and your dependants.
  • Commuter Assistance - Up to the value of 80 PLN net a month for public transport.
  • Savings Plan - Two company saving plans provided by Nationale Nederlanden: Employee Capital Plan (PPK) & Employee Saving Plan (PPO)
  • QED Program - Qualtrics Engineer Development (QED) program: support, engineering learning activities up to 10% of engineering work time each quarter.
  • Wellness - Up to the value of 800 PLN gross per quarter can be reimbursed for a variety of wellness activities via our dedicated platform Twic.
  • A choice of Multispot cards available.
  • Our employee assistance program with Unum provides counselling and wellbeing support to all employees
  • Experience bonus - 7000 PLN gross per annum. Qualtrics experience bonus is a program designed to provide experiences to our employees they might not otherwise have.
  • Group Life & Income Protection Insurance
  • Glasses/Contact lenses Reimbursement
  • Free breakfasts, lunches, snacks, and drinks for everyone in the office
  • Tax-deductible expenses (up to 75% depending on role)

 

Qualtrics is an equal opportunity employer meaning that all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic.
Applicants in the United States of America have rights under Federal Employment Laws: Family & Medical Leave Act, Equal Opportunity Employment, Employee Polygraph Protection Act

Qualtrics is committed to the inclusion of all qualified individuals. As part of this commitment, Qualtrics will ensure that persons with disabilities are provided with reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please let your Qualtrics contact/recruiter know.

Qualtrics Work Experience - As we look to the future, we believe that our teams are better together. Being together will help us learn more, grow faster and ultimately deliver better results for our customers and Qualtrics. Roles tied to an office location work 4 days per week in the office together and 1 day from home, with a strong spirit of flexibility around taking time for personal, health, and family moments in our work weeks. Our managers work with their teams to create a collaborative, engaged work environment, and arrangement that works for each of our team members.

Not finding a role that's the right fit for now? Qualtrics Insiders is the one-stop shop for all things Qualtrics Life. Sign up for exclusive access to content created with you in mind and get the scoop on what we have going on at Qualtrics - upcoming events, behind the scenes stories from the team, interview tips, hot jobs, and more. No spam - we promise. You'll hear from us two times a month max with fresh, totally tailored info - so be sure to stay connected as you explore your best role and company fit.

 


