Senior Application Security Engineer

Summary

Join Docplanner as an Application Security Engineer and play a crucial role in safeguarding our software products. Collaborate with development teams, share your expertise, and design robust security frameworks. Enjoy autonomy to set goals and work with cutting-edge technologies while creating a secure environment. Ensure the security and integrity of our software products by identifying and mitigating vulnerabilities. Guide development teams on best security practices and contribute to a culture of security within the organization. This role offers a unique opportunity to make a difference in software security and contribute to a company mission of making the healthcare experience more human.

Requirements

• Relevant professional experience
• Strong knowledge of application security, secure coding practices, and common risks and vulnerabilities
• Experience working as a partner with Product and Development teams
• Being able to automate routine tasks, enhance existing solution (preferably, knowledge of Python)
• Experience working with cloud native and containerized environments (AWS/Azure, Docker, Kubernetes), knowledge of common security practices and testing approaches
• Strong hands-on skills with testing and securing server-side and client-side apps
• Experience working with common security certifications and supporting the GRC team. Experience with ISO 2700X, NIST, C5, SOC2, PSI-DSS is a plus
• Communication excellence
• Good communication skills and experience in working with distributed product and development teams, to identify and implement improvements to processes and procedures
• Experience working in a fast scaling digital company
• You understand the environment of a global organization scaling at pace
• Mindset of building for scale with a data-driven approach
• Strong Project Management Skills
• Ability to set up goals and priorities for yourself and your peers, to plan and organize work using project management tools like Jira

Responsibilities

• Collaborating with our development teams to build a secure SDLC that integrates security at every stage of the software development process
• Researching and configuring security tooling to provide comprehensive security coverage
• Defining security guidelines for our applications to ensure that every product we release is protected against any potential attacks
• Consulting on new products, which may include pen-testing, threat modeling, or designing secure solutions, to ensure that they meet our high standards of security
• Developing a vulnerability management system that identifies and mitigates potential threats before they reach production
• Helping developers to understand security concepts and practices to foster a culture of security within our organization

Preferred Qualifications

• SDE background is a plus
• Testing and securing AI-based projects (LLM, RAG, diffusion models, fine-tuning pipelines, prompt injection, model extraction, data poisoning) is a plus
• Experience with .NET, PHP, and Javascript environments is a plus

Benefits

• A salary adequate to your experience and skills
• Share options plan after 6 months of working with us
• Remote or hybrid work model with or hub in Warsaw
• Flexible working hours (fully flexible, as in most cases you only have to be on a couple of meetings weekly)
• 20/26 days of paid time off (depending on your contract)
• Additional paid day off on your birthday or work anniversary (you choose what you want to celebrate)
• Private healthcare plan with Signal Iduna for you and subsidized for your family
• Multisport card co-financing for you to have access to sports facilities across Poland
• Access to iFeel , a technological platform for mental wellness offering online psychological support and counseling
• 20% time rule: spend 20% of your working hours on your own growth
• Free English classes