Product Security Engineer

Position Purpose

As we continue to scale and evolve, it has become increasingly important for us to protect our Products and Applications. That's why we're looking for an experienced Product Security Engineer to join our Security Services Team, partnering with Engineering Teams to build Secure-by-Design Products.

Responsibilities

Conduct threat modeling, security architecture reviews, and code reviews to ensure products are secure by design

Collaborate with development teams to embed security best practices into the software development lifecycle (SDLC)

Design and implement secure coding guidelines and advocate for secure design principles

Identify, assess, and mitigate security risks associated with products and services

Evaluate third-party components and libraries to ensure their security and reliability

Perform vulnerability assessments, penetration testing, and oversee remediation efforts

Monitor products for vulnerabilities, misconfigurations, or new threats using security tools and platforms

Partner with engineering and product management teams to raise awareness of secure design and practices

Provide regular training and mentorship to developers on secure coding and threat identification

Requirements

3+ years’ experience in security, cloud, and application development

A bachelor’s degree in computer science, Cybersecurity, or a related field (or equivalent experience)

Strong understanding of secure software development, cryptography, and security architecture

Proficiency in one or more programming languages (e.g., Python, Java, C / C++)

Experience with vulnerability scanning tools, static and dynamic code analysis tools, and penetration testing

Familiarity with modern development tools (e.g., Git, Jenkins, Docker) and cloud platforms (e.g., AWS, Azure, GCP)

Strong problem-solving skills and the ability to work collaboratively within cross-functional teams.

Excellent verbal and written communication skills to explain complex security concepts to both technical and non-technical stakeholders.

Experience in DevSecOps practices and security automation

Certifications such as CISSP, CEH, GIAC, or OSCP are a plus

Nice to have

Location

Krakow / Hybrid