Oferty pracy

Wymagania: - Over 3 years of experience working with the Python programming language. - Strong ability to automate tasks. - Basic knowledge of large language models (LLMs), along with experience integrating them into software at the code level. Mile widziane: - Experience with Python frameworks used for developing AI agents (e.g., Pydantic). - Advanced knowledge of LLMs and prompt design techniques. - General awareness of common security vulnerabilities outlined in the OWASP Top 10. - Experience using security testing tools such as Burp Suite, OWASP ZAP, Nessus, Nmap, and Kali Linux. - Understanding of operating system architecture, especially the Linux kernel. O firmie: - We recruit the best IT specialists for technology companies – with no risk and full accountability for the outcome. Zakres obowiązków: - Building reliable, automated solutions for accurately identifying security weaknesses in modern web applications. - Creating innovative, AI-driven systems that utilize recent breakthroughs in machine learning and automated reasoning. - Implementing these advanced technologies to detect vulnerabilities at scale, supporting continuous and wide-ranging security evaluations across various web platforms. Oferujemy: - Friendly and collaborative working environment with strong focus on continuous learning - Opportunity to work on high-impact R&D projects using cutting-edge technologies - Access to professional trainings, conferences, and multicultural project teams - Modern equipment (workstation + monitors) and access to internal AI infrastructure - Additional perks such as discounts, product testing opportunities, and access to educational centers

Nasze wymagania: Over 3 years of experience working with the Python programming language. Strong ability to automate tasks. Basic knowledge of large language models (LLMs), along with experience integrating them into software at the code level. Mile widziane: Experience with Python frameworks used for developing AI agents (e.g., Pydantic). Advanced knowledge of LLMs and prompt design techniques. General awareness of common security vulnerabilities outlined in the OWASP Top 10. Experience using security testing tools such as Burp Suite, OWASP ZAP, Nessus, Nmap, and Kali Linux. Understanding of operating system architecture, especially the Linux kernel. O projekcie: You will join an R&D-focused security team working on innovative, AI-powered tools for vulnerability detection and supporting the continuous improvement of internal application security across a large, international ecosystem. Zakres obowiązków: Building reliable, automated solutions for accurately identifying security weaknesses in modern web applications. Creating innovative, AI-driven systems that utilize recent breakthroughs in machine learning and automated reasoning. Implementing these advanced technologies to detect vulnerabilities at scale, supporting continuous and wide-ranging security evaluations across various web platforms. Oferujemy: Friendly and collaborative working environment with strong focus on continuous learning Opportunity to work on high-impact R&D projects using cutting-edge technologies Access to professional trainings, conferences, and multicultural project teams Modern equipment (workstation + monitors) and access to internal AI infrastructure Additional perks such as discounts, product testing opportunities, and access to educational centers

Nasze wymagania: Podstawowa wiedza z zakresu cyberbezpieczeństwa (m.in. phishing, malware, ransomware), Podstawowa znajomość zagadnień: TCP/IP, VPN, MFA, Umiejętność analitycznego myślenia i rozwiązywania problemów, Komunikatywność, samodzielność oraz odpowiedzialność, Znajomość języka angielskiego pozwalająca na pracę z dokumentacją techniczną, Gotowość do przedstawienia aktualnego zaświadczenia o niekaralności. Mile widziane: Doświadczenie w pracy z narzędziami EDR, SIEM lub innymi rozwiązaniami bezpieczeństwa. Znajomość norm i regulacji: ISO 27001, NIS2, KSC. Podstawowa wiedza z zakresu OSINT. Certyfikaty branżowe (np. Security+, ISO 27001 Foundation/Lead Implementer, inne). Zakres obowiązków: Wsparcie w utrzymaniu i rozwoju systemu bezpieczeństwa informacji, Udział w analizie incydentów bezpieczeństwa, Monitorowanie alertów bezpieczeństwa (EDR/SIEM) oraz ich wstępna analiza, Prowadzenie rejestrów incydentów oraz ryzyk bezpieczeństwa, Wsparcie w tworzeniu i aktualizacji procedur oraz dokumentacji bezpieczeństwa informacji, Bieżąca współpraca z zespołem IT oraz zewnętrznym SOC. Oferujemy: Stabilną pracę w dynamicznie rozwijającej się firmie, Umowę o pracę oraz system premiowy uzależniony od wyników Twojej pracy, Pracę w godzinach 8.00-16.00, Przyjazną atmosferę pracy, w której dzielimy się wiedzą i doświadczeniem, Możliwość rozwoju zawodowego oraz podnoszenia kwalifikacji, Możliwość pracy w trybie hybrydowym po 3 miesiącach zatrudnienia (zgodnie z regulaminem pracy zdalnej i ustaleniami z przełożonym), Biuro w dogodnej lokalizacji blisko metra Nowy Świat – Uniwersytet, Liczne benefity (opieka medyczna, karta Medicover Sport, dofinansowanie do nauki języka obcego, możliwość wykupienia dodatkowego ubezpieczenia na życie na preferencyjnych warunkach).

Nasze wymagania: minimum 3 lata doświadczenia w pracy na stanowisku o zbliżonym zakresie obowiązków wykształcenie wyższe, preferowane kierunki: informatyczne, automatyka i robotyka, inżynierskie, ekonomiczne, zarządzanie, prawo znajomość działania systemów telemetrii i sterowników PLC, HMI i ich integracji ze SCADA znajomość protokołów przemysłowych (m.in. Modbus, GazModem, SmartGas, OPC UA) znajomość architektury systemów IT/OT i ograniczeń charakterystycznych dla środowisk przemysłowych. znajomość: architektury korporacyjnej, zagadnień związanych z usługami IT, przeglądów, audytów, zasad cyberbezpieczeństwa umiejętność pracy w zespole rozproszonym (zespół pracuje hybrydowe w różnych lokalizacjach) nastawienie na współpracę i dobrze rozwinięte umiejętności komunikacyjne Mile widziane: znajomość tematyki szeroko rozumianego rozwoju IT: praktycznego zastosowania metodyk, standardów oraz praktyk dotyczących architektury korporacyjnej znajomość zagadnień związanych z bezpieczeństwem danych, w tym autentykacji i autoryzacji dostępu do nich doświadczenie w pracy w sektorze regulowanym, energetycznym ukończone studia podyplomowe z obszaru ICT posiadane prawo jazdy kat. B znajomość j. angielskiego na poziomie B2 Zakres obowiązków: monitorowanie realizacji strategii IT w powierzonym obszarze merytorycznym definiowanie planów rozwojowych systemów i rozwiązań IT w sektorze regulowanym (identyfikowanie i analiza potrzeb, optymalizacja rozwiązań, rekomendowanie wdrożeń) współpraca z interesariuszami wewnątrz Spółki oraz z podmiotami zewnętrznymi w zakresie optymalizacji rozwiązań IT rekomendowanie najlepszych praktyk dotyczących oprogramowania udział w przedsięwzięciach w zakresie rozwoju merytorycznego zespołów opiniowanie planowanych zmian w środowisku IT w zakresie ich zgodności ze strategią i architekturą ICT oraz nadzór nad ich wprowadzeniem współtworzenie planów finansowych obszaru IT wspieranie przygotowania dokumentacji zakupowej, formalno-prawnej, przetargowej Oferujemy: możliwość zdobycia doświadczenia i rozwoju umiejętności stabilny pracodawca – zatrudnienie w oparciu o umowę o pracę. Znajdujemy się w ścisłej czołówce najlepszych Pracodawców w Polsce! Jesteśmy liderem w kategorii stabilność zatrudnienia według rankingu Randstad Employer Brand Research 2024 premia miesięczna i kwartalna szeroki pakiet benefitów, w tym m.in. prywatna opieka medyczna, karta sportowa na preferencyjnych warunkach, karta zniżkowa na paliwo i inne usługi, świadczenia okolicznościowe, świadczenia dla dzieci, dofinansowanie do wypoczynku, możliwość zapisania się do Pracowniczego Programu Emerytalnego, Pracowniczej Kasy Zapomogowo-Pożyczkowej możliwość podnoszenia swoich kwalifikacji przez udział w szkoleniach, kursach oraz studiach wyższych i podyplomowych work-life balance, np. elastyczne godziny pracy, dodatkowy dzień wolny od pracy: 4 grudnia

Wymagania: - minimum 3–5 lat doświadczenia w obszarze bezpieczeństwa informacji, zarządzania ryzykiem lub compliance IT w środowisku regulowanym lub usługowym. - praktyczna znajomość Systemu Zarządzania Bezpieczeństwem Informacji (SZBI). - doświadczenie w identyfikacji i analizie ryzyka w obszarze bezpieczeństwa informacji, w tym w prowadzeniu rejestru ryzyk i planów postępowania z ryzykiem. - doświadczenie w realizacji analiz wpływu na biznes (BIA) oraz w opracowywaniu i utrzymaniu planów ciągłości działania (BCP) i planów odtwarzania po awarii (DRP). - znajomość procesów zarządzania incydentami bezpieczeństwa informacji oraz raportowania zdarzeń w kontekście regulacyjnym i audytowym. - umiejętność opracowywania polityk, procedur i standardów bezpieczeństwa informacji, w tym dla klientów instytucji regulowanych. - doświadczenie we wdrażaniu wymagań regulacyjnych związanych z bezpieczeństwem IT, w tym DORA, wytycznych nadzorczych dla instytucji finansowych oraz lokalnych regulacji ICT. - znajomość zagadnień związanych z ochroną danych osobowych i współpracy z obszarem ochrony danych (RODO / GDPR). - umiejętność przygotowywania raportów, analiz strategicznych i materiałów zarządczych dotyczących bezpieczeństwa informacji, ryzyka ICT oraz zgodności regulacyjnej. - dobra znajomość języka angielskiego w zakresie dokumentacji technicznej, standardów i wymagań regulacyjnych. Mile widziane: - wiedza i doświadczenie w obszarze zarządzania ryzykiem i ciągłością działania, w tym utrzymanie i rozwój planów BCP/DRP. - znajomość norm ISO 22301 (ciągłość działania) oraz ISO 31000 (zarządzanie ryzykiem). - dobre umiejętności analityczne, umożliwiające samodzielne przeprowadzenie analiz wpływu na biznes (BIA) i oceny ryzyka ICT dla klientów regulowanych. - doświadczenie w utrzymaniu systemów zarządzania bezpieczeństwem informacji (SZBI / ISO 27001), w tym aktualizacja polityk, procedur i rejestrów ryzyk. - doświadczenie w pracy z klientami z sektora regulowanego (finanse, sektor publiczny) jako dostawca usług ICT. - doświadczenie we wdrażaniu wymagań regulacyjnych, w tym DORA, NIS2 i wytycznych nadzorczych dla instytucji finansowych. - certyfikaty branżowe w obszarze bezpieczeństwa informacji, zarządzania ryzykiem lub compliance (ISO 27001 Lead Implementer/Auditor, CISM, CRISC, CISSP). - umiejętność prowadzenia szkoleń i działań podnoszących świadomość w zakresie bezpieczeństwa informacji, ryzyka i ciągłości działania wśród pracowników i klientów. O firmie: - Działamy jako Centrum Usług Wspólnych, realizujemy usługi w obszarze teleinformatycznym, utrzymania i rozwoju systemów, z zakresu cyberbezpieczeństwa i bezpieczeństwa informacji dla Spółek z Grupy Kapitałowej PFR. - Pracujemy w dynamicznie rozwijającej się instytucji, w atmosferze profesjonalizmu i wsparcia, z wykorzystaniem naszych doświadczeń w gronie najlepszych ekspertów. Dołącz do PFR Operacje Sp. z o.o. Zakres obowiązków: - koordynowanie i utrzymywanie Systemu Zarządzania Bezpieczeństwem Informacji (SZBI) w zgodności z normą ISO/IEC 27001, w tym wsparcie w definiowaniu strategii bezpieczeństwa IT. - identyfikacja i analiza ryzyka w obszarze bezpieczeństwa informacji oraz prowadzenie rejestru ryzyk i planów postępowania z ryzykiem, ze szczególnym uwzględnieniem ryzyka ICT dla klientów regulowanych. - planowanie, koordynowanie i realizacja analiz wpływu na biznes (BIA) oraz opracowywanie, utrzymywanie i testowanie planów ciągłości działania (BCP) i planów odtwarzania po awarii (DRP). - zarządzanie procesami incydentów bezpieczeństwa informacji oraz raportowanie zdarzeń zgodnie z obowiązkami regulacyjnymi i audytowymi. - opracowywanie, wdrażanie i aktualizacja polityk, procedur i standardów bezpieczeństwa informacji, w tym dla klientów instytucji regulowanych. - wdrażanie i utrzymywanie wymagań regulacyjnych związanych z bezpieczeństwem IT, w tym DORA, wytycznych nadzorczych dla instytucji finansowych oraz lokalnych przepisów. - współpraca z obszarem ochrony danych osobowych (RODO / GDPR) w celu zapewnienia zgodności działań z wymaganiami prawnymi i regulacyjnymi. - przygotowywanie raportów, analiz strategicznych i materiałów zarządczych dotyczących bezpieczeństwa informacji, ryzyka ICT oraz zgodności regulacyjnej. - wspieranie działań podnoszących świadomość bezpieczeństwa informacji wśród pracowników i klientów. - utrzymywanie wysokiej jakości dokumentacji technicznej i operacyjnej w języku angielskim, zgodnej ze standardami branżowymi. Oferujemy: - umowę o pracę. - system premiowy. - pakiet prywatnej opieki medycznej. - ubezpieczenie na życie. - dodatkowe wpłaty pracodawcy do PPK. - system kafeteryjny myBenefit (w tym karty Multisport). - możliwość szkoleń i rozwoju zawodowego (w tym platformy szkoleniowe). - inicjatywy sportowe w ramach Grupy PFR. - pracujemy hybrydowo. - interesującą i pełną wyzwań pracę w dynamicznie rozwijającej się organizacji.

Nasze wymagania: minimum 3–5 lat doświadczenia w obszarze bezpieczeństwa informacji, zarządzania ryzykiem lub compliance IT w środowisku regulowanym lub usługowym. praktyczna znajomość Systemu Zarządzania Bezpieczeństwem Informacji (SZBI). doświadczenie w identyfikacji i analizie ryzyka w obszarze bezpieczeństwa informacji, w tym w prowadzeniu rejestru ryzyk i planów postępowania z ryzykiem. doświadczenie w realizacji analiz wpływu na biznes (BIA) oraz w opracowywaniu i utrzymaniu planów ciągłości działania (BCP) i planów odtwarzania po awarii (DRP). znajomość procesów zarządzania incydentami bezpieczeństwa informacji oraz raportowania zdarzeń w kontekście regulacyjnym i audytowym. umiejętność opracowywania polityk, procedur i standardów bezpieczeństwa informacji, w tym dla klientów instytucji regulowanych. doświadczenie we wdrażaniu wymagań regulacyjnych związanych z bezpieczeństwem IT, w tym DORA, wytycznych nadzorczych dla instytucji finansowych oraz lokalnych regulacji ICT. znajomość zagadnień związanych z ochroną danych osobowych i współpracy z obszarem ochrony danych (RODO / GDPR). umiejętność przygotowywania raportów, analiz strategicznych i materiałów zarządczych dotyczących bezpieczeństwa informacji, ryzyka ICT oraz zgodności regulacyjnej. dobra znajomość języka angielskiego w zakresie dokumentacji technicznej, standardów i wymagań regulacyjnych. Mile widziane: wiedza i doświadczenie w obszarze zarządzania ryzykiem i ciągłością działania, w tym utrzymanie i rozwój planów BCP/DRP. znajomość norm ISO 22301 (ciągłość działania) oraz ISO 31000 (zarządzanie ryzykiem). dobre umiejętności analityczne, umożliwiające samodzielne przeprowadzenie analiz wpływu na biznes (BIA) i oceny ryzyka ICT dla klientów regulowanych. doświadczenie w utrzymaniu systemów zarządzania bezpieczeństwem informacji (SZBI / ISO 27001), w tym aktualizacja polityk, procedur i rejestrów ryzyk. doświadczenie w pracy z klientami z sektora regulowanego (finanse, sektor publiczny) jako dostawca usług ICT. doświadczenie we wdrażaniu wymagań regulacyjnych, w tym DORA, NIS2 i wytycznych nadzorczych dla instytucji finansowych. certyfikaty branżowe w obszarze bezpieczeństwa informacji, zarządzania ryzykiem lub compliance (ISO 27001 Lead Implementer/Auditor, CISM, CRISC, CISSP). umiejętność prowadzenia szkoleń i działań podnoszących świadomość w zakresie bezpieczeństwa informacji, ryzyka i ciągłości działania wśród pracowników i klientów. Zakres obowiązków: koordynowanie i utrzymywanie Systemu Zarządzania Bezpieczeństwem Informacji (SZBI) w zgodności z normą ISO/IEC 27001, w tym wsparcie w definiowaniu strategii bezpieczeństwa IT. identyfikacja i analiza ryzyka w obszarze bezpieczeństwa informacji oraz prowadzenie rejestru ryzyk i planów postępowania z ryzykiem, ze szczególnym uwzględnieniem ryzyka ICT dla klientów regulowanych. planowanie, koordynowanie i realizacja analiz wpływu na biznes (BIA) oraz opracowywanie, utrzymywanie i testowanie planów ciągłości działania (BCP) i planów odtwarzania po awarii (DRP). zarządzanie procesami incydentów bezpieczeństwa informacji oraz raportowanie zdarzeń zgodnie z obowiązkami regulacyjnymi i audytowymi. opracowywanie, wdrażanie i aktualizacja polityk, procedur i standardów bezpieczeństwa informacji, w tym dla klientów instytucji regulowanych. wdrażanie i utrzymywanie wymagań regulacyjnych związanych z bezpieczeństwem IT, w tym DORA, wytycznych nadzorczych dla instytucji finansowych oraz lokalnych przepisów. współpraca z obszarem ochrony danych osobowych (RODO / GDPR) w celu zapewnienia zgodności działań z wymaganiami prawnymi i regulacyjnymi. przygotowywanie raportów, analiz strategicznych i materiałów zarządczych dotyczących bezpieczeństwa informacji, ryzyka ICT oraz zgodności regulacyjnej. wspieranie działań podnoszących świadomość bezpieczeństwa informacji wśród pracowników i klientów. utrzymywanie wysokiej jakości dokumentacji technicznej i operacyjnej w języku angielskim, zgodnej ze standardami branżowymi. Oferujemy: umowę o pracę. system premiowy. pakiet prywatnej opieki medycznej. ubezpieczenie na życie. dodatkowe wpłaty pracodawcy do PPK. system kafeteryjny myBenefit (w tym karty Multisport). możliwość szkoleń i rozwoju zawodowego (w tym platformy szkoleniowe). inicjatywy sportowe w ramach Grupy PFR. pracujemy hybrydowo. interesującą i pełną wyzwań pracę w dynamicznie rozwijającej się organizacji.

Wymagania: - Min. 4 lata doświadczenia w cybersecurity - Praktyczna znajomość rozwiązań Trellix / ex-FireEye (endpoint, network, email security) - Doświadczenie wdrożeniowe - wdrażanie, konfiguracja i integracja rozwiązań cybersec u klientów (nie tylko administracja istniejących systemów) - Znajomość SIEM, w szczególności Splunk - Rozumienie obszarów: EDR/XDR, IDS/IPS, endpoint protection Mile widziane: - Certyfikaty produktowe, np. Trellix Endpoint/XDR/Network Security, FireEye Systems Engineer, McAfee ePO, McAfee Endpoint Security Product Specialist - Certyfikaty branżowe (CISSP, CEH, GIAC) - Doświadczenie z CyberReason, Trend Micro lub innymi rozwiązaniami klasy EDR/XDR - Umiejętność automatyzacji (Python) - Background u integratora lub vendora cybersec O firmie: - We recruit the best IT specialists for technology companies – with no risk and full accountability for the outcome. Zakres obowiązków: - Wdrażanie i konfiguracja rozwiązań cybersecurity u klientów enterprise — end-to-end, od projektu po dokumentację powdrożeniową (główny focus: Trellix/ex-FireEye, SIEM/Splunk) - Utrzymanie i rozwiązywanie problemów w obszarze bezpieczeństwa endpointów, sieci, poczty, DLP, IDS/IPS - Integracja systemów bezpieczeństwa z SIEM (Splunk) i automatyzacja procesów operacyjnych - Bezpośrednia współpraca z klientem — komunikacja techniczna, raportowanie, identyfikacja ryzyk projektowych - Tworzenie dokumentacji technicznej i operacyjnej (po polsku) Oferujemy: - Wsparcie w certyfikacjach i rozwoju technologicznym - Sprzęt Apple - Dojrzały, ekspercki zespół i płaska struktura

Nasze wymagania: Min. 4 lata doświadczenia w cybersecurity Praktyczna znajomość rozwiązań Trellix / ex-FireEye (endpoint, network, email security) Doświadczenie wdrożeniowe - wdrażanie, konfiguracja i integracja rozwiązań cybersec u klientów (nie tylko administracja istniejących systemów) Znajomość SIEM, w szczególności Splunk Rozumienie obszarów: EDR/XDR, IDS/IPS, endpoint protection Mile widziane: Certyfikaty produktowe, np. Trellix Endpoint/XDR/Network Security, FireEye Systems Engineer, McAfee ePO, McAfee Endpoint Security Product Specialist Certyfikaty branżowe (CISSP, CEH, GIAC) Doświadczenie z CyberReason, Trend Micro lub innymi rozwiązaniami klasy EDR/XDR Umiejętność automatyzacji (Python) Background u integratora lub vendora cybersec O projekcie: Rekrutujemy do jednego z najbardziej doświadczonych integratorów IT w Polsce - firma z ponad 12-letnim stażem, 90+ partnerstw technologicznych. Firma projektuje, wdraża i utrzymuje rozwiązania m.in. cybersecurity end-to-end u klientów enterprise: spółki Skarbu Państwa, banki, energetyka, telekomy, instytucje wymiaru sprawiedliwości - środowiska od 1000 endpointów w górę, z długimi, wielomiesięcznymi projektami i realnym wpływem biznesowym. Szukamy Cybersecurity Engineera do małego, eksperckiego zespołu, który zajmuje się wdrożeniami i utrzymaniem rozwiązań związanych z cyberbezpieczeństwem. Jest to rola wdrożeniowo-konsultingowa. Zakres obowiązków: Wdrażanie i konfiguracja rozwiązań cybersecurity u klientów enterprise — end-to-end, od projektu po dokumentację powdrożeniową (główny focus: Trellix/ex-FireEye, SIEM/Splunk) Utrzymanie i rozwiązywanie problemów w obszarze bezpieczeństwa endpointów, sieci, poczty, DLP, IDS/IPS Integracja systemów bezpieczeństwa z SIEM (Splunk) i automatyzacja procesów operacyjnych Bezpośrednia współpraca z klientem — komunikacja techniczna, raportowanie, identyfikacja ryzyk projektowych Tworzenie dokumentacji technicznej i operacyjnej (po polsku) Oferujemy: Wsparcie w certyfikacjach i rozwoju technologicznym Sprzęt Apple Dojrzały, ekspercki zespół i płaska struktura

Nasze wymagania: Professional experience in cybersecurity operations, incident response, digital forensics, threat hunting, or a closely related discipline. Strong understanding of core security domains, including: Network security; Endpoint security; Identity and access management; Cloud security fundamentals; Common attack techniques (MITRE ATT&CK familiarity preferred) Hands-on experience with multiple security technologies, such as: SIEM platforms (log analysis, investigation, correlation); EDR/EPP tools; Network security tools (firewalls, proxies, IDS/IPS); Email security and identity platforms; Cloud security and logging solutions Demonstrated ability to analyze telemetry, develop investigative hypotheses, and methodically work incidents through to resolution. Strong written and verbal communication skills, including the ability to produce clear technical documentation and concise executive-level summaries. Familiarity with structured incident response frameworks (e.g., NIST, SANS, ISO) is preferred. Preferred: Mile widziane: Experience in a large, complex, or global enterprise environment. Prior work experience in a SOC, DFIR function, or Cyber Incident Response Team. Familiarity with automation or scripting (e.g., Python, PowerShell, KQL, or SOAR platforms) to accelerate investigations and response. Experience working with SOAR or case management platforms in an operational environment. Relevant industry certifications (e.g., GCIA, GCFA, GNFA, GCIH, CISSP, CISM) are a plus but not required. O projekcie: The Cybersecurity Investigations & Response (CIR) team within AC3 (Aon’s Global Cybersecurity Operations) is responsible for leading and coordinating incident response, conducting in‑depth investigations, and continuously improving how Aon detects, responds to, and recovers from cyber events. As a Cybersecurity Investigations & Response Lead, you will play a critical role in investigating and responding to security incidents across Aon’s North America region. You will work closely with Threat Detection & Response (TDR), Global Security Operations, IT, Legal, Risk, Audit, and business stakeholders to ensure incidents are handled effectively and consistently. This role focuses on deep investigation, coordination, and response leadership—ensuring incidents are executed according to defined processes, evidence is preserved, risks are clearly understood, and lessons learned drive measurable improvements across Aon’s cybersecurity program. Aon is in the business of better decisions: At Aon, we shape decisions for the better to protect and enrich the lives of people around the world. As an organization, we are united through trust as one inclusive, diverse team, and we are passionate about helping our colleagues and clients succeed. Zakres obowiązków: Incident Response & Investigations • Lead or support end-to-end investigations for security incidents, from initial triage through containment, eradication, and recovery. • Perform detailed analysis of alerts, logs, and telemetry across multiple domains (SIEM, endpoint, identity, network, cloud, email, and third-party sources) to determine scope, root cause, and business impact. • Partner closely with AC3 Threat Detection & Response (TDR) teams to validate true positives, refine investigative hypotheses, and improve the quality and reliability of detection signals. • Develop clear incident timelines, findings, and technical assessments, ensuring accurate and complete case documentation. • Maintain high-quality incident records and evidence within Aon’s case management and response tooling. Crisis & Stakeholder Coordination • Support crisis execution during major or high-severity incidents, collaborating with GEOC, Legal, Risk, Audit, Communications, and business leadership as required. • Translate technical findings into clear, risk-based insights for both technical and non-technical audiences. • Follow and reinforce consistent escalation and communication patterns—ensuring the right stakeholders are informed at the right time with the right level of detail. • Contribute to calm, structured, and disciplined response execution during high-pressure events. Playbooks, Procedures & Readiness • Help develop, maintain, and improve incident response runbooks, playbooks, and standard operating procedures for common and high-impact scenarios (e.g., ransomware, BEC, insider threat, data exfiltration, cloud compromise). • Participate in, and help design, tabletop exercises and simulations to test technical response and crisis readiness. • Support audit, regulatory, and internal assurance activities by clearly documenting response processes, decisions, and evidence of execution. Continuous Improvement & Threat Informed Defense • Lead or contribute to lessons learned activities following incidents and near misses; track improvement actions through to completion. • Partner with vulnerability management, identity, infrastructure, cloud, and application security teams to ensure investigation insights drive real risk reduction. • Identify detection and visibility gaps and work with TDR to enhance telemetry, tune detections, and improve signal-to-noise ratios across AC3. • Strengthen Aon’s threat informed defense by feeding investigative insights back into controls, detections, and processes. Collaboration & Global Alignment • Operate within a follow the sun global model, coordinating with CIR and TDR peers across North America, EMEA, and APAC. • Support alignment of tools, telemetry, processes, and reporting across regions to enable consistent, scalable operations. • Contribute to a culture of collaboration, shared ownership, and continuous improvement across AC3 and Global Cybersecurity Solutions.

Localisation: Paris / Clichy (2 à 3 jours de TT par semaine) Durée: +2 ans Résumé: Le rôle principal du Chef de Projet DORA est de piloter la mise en œuvre des projets IT en respectant les délais, tout en coordonnant les activités de run telles que la correction de bugs et le développement léger. Il contribue au bon fonctionnement du département IT du Groupe, organisé en Business Verticals. Responsabilités: Pilotage de projet • Gouvernance : piloter la gouvernance IT, fournir aux parties prenantes toutes les informations nécessaires à la prise de décision • Reporting projet et suivi de l’avancement • Remontée des alertes, risques et propositions de solutions • Définition du Target Operating Model pour la gestion HRIS • Définition de la stratégie de déploiement et suivi de l’adoption des processus et solutions • Gestion du Change Management et des releases • Pilotage des campagnes de tests • Gestion des prestataires et consultants • Organisation de la roadmap business, priorisation et arbitrage fonctionnel • Documentation des besoins métiers et des spécifications • Gestion et priorisation du product backlog Développement & Documentation • Planification et internalisation des connaissances liées aux outils, mise en place des processus IT associés • Documentation des outils : concepts de sécurité, procédures, interfaces et flux de données Compétences: • Minimum 5 ans d’expérience dans le domaine de la gestion des risques IT (Information Risk Management), de la continuité d’activité (Business Continuity Management) et de DORA • Bonne expérience dans la mise en œuvre opérationnelle des réglementations IT Risk en solutions IT concrètes (outils GRC, notamment « Topease ») • Connaissance des processus de gestion des risques IT, de la continuité d’activité (BCM), des risques liés aux tiers et de DORA • Connaissance des nouvelles réglementations DORA

The Cyber Security team, part of Accenture Security, assists clients in securing hybrid environments and applications at every stage of the software development lifecycle, ensuring that the principles of 'Security by design' and 'Security by default' are followed, thereby integrating security into the SSDLC process.   THE WORK: - Collaborate closely with architecture, product, and development teams to embed security principles from the earliest stages of the Software Development Life Cycle (SDLC), following a security‑by‑design and shift‑left approach. - Perform application and system security assessments in accordance with recognized industry standards and frameworks, including OWASP ASVS, OWASP Top 10, OWASP API Top 10, CWE Top 25, and other relevant security best practices. - Design, implement, and govern security controls across the SDLC and SSDLC, ensuring consistent application of secure coding standards, security gates, and automated security testing. - Conduct security architecture reviews for end‑to‑end solutions, including hybrid, cloud‑native, containerized, microservices‑based, and event‑driven architectures. - Analyze and assess the security of application code, APIs, infrastructure‑as‑code (IaC), CI/CD pipelines, and supporting platforms. - Support the design of modern, secure development environments, including secure CI/CD pipelines, hardened build environments, secure artifact repositories, and developer tooling. - Define and drive Secure Software Development Lifecycle (SSDLC) processes, from security requirements definition and prioritization to software supply chain security, including dependency management, third‑party risk, and SBOM analysis. - Perform threat modeling for applications and systems, with a strong focus on hybrid, distributed, and cloud‑based environments, identifying risks and proposing effective mitigation strategies. - Provide hands‑on support to development teams in analyzing, prioritizing, and mitigating identified vulnerabilities, ensuring pragmatic and scalable security solutions. - Assess and secure AI‑enabled systems and platforms, including applications based on machine learning, large language models (LLMs), and AI agents, across their full lifecycle. - Identify and mitigate AI‑specific security risks, such as model abuse, prompt injection, data poisoning, training data leakage, insecure model deployment, and unauthorized model access. - Define security requirements and controls for AI pipelines, including data ingestion, model training, model storage, inference APIs, and integration with existing systems. - Leverage AI‑based security tools and automation to enhance vulnerability detection, code analysis, threat detection, and security operations efficiency. - Support governance and compliance efforts related to responsible and secure use of AI, including risk assessments, security controls, and alignment with internal and external regulations. Flexible: The work location for this role may include a mix of working remotely, onsite at a client or in an Accenture office - depending on specific project circumstances.  With all our roles, there is some in-person time for collaboration, learning and building relationships with clients, peers, leaders, and communities. As an employer, we will be as flexible as possible to support your specific work/life needs.

About Us The world’s most advanced VPN, and a whole lot more. If you’re a curious problem-solver who carves their own path, join the team behind Threat Protection Pro, the NordLynx protocol, and the fastest VPN on the planet—tools that put privacy, security, and control back in people’s hands. Your impact? Helping millions take back control of their online security, privacy, and data. Meet NordVPN Threat Protection, the product which makes NordVPN app more than a VPN. This innovative product enhances online security by protecting users from scams, phishing attempts, and other malicious activities. Additionally, it bolsters user privacy and enriches the web browsing experience by eliminating intrusive ads. Our technology, along with our internal tools and products, is essential to our operations. Without them, we would be unable to achieve our objectives, making their importance paramount. Your primary objective is to manage internal products and tools while exploring innovative approaches for enhancement. Effective monitoring is crucial to ensure that internal products deliver the anticipated results with the desired quality. Collaboration primarily occurs with engineering managers, data scientists, developers, and DevOps professionals. Therefore, possessing technical skills is essential. The Team We believe that the product can serve its users best by providing experience so exceptional that it will speak for itself. We also agree that the core elements of success are the encouragement of professional growth, individual initiative, and a deep understanding of our users and business challenges. We are looking for a results-driven Technical Product Owner to join the Threat Protection - Threat Intelligence team. The ideal candidate is not only a Technically skilled but also good communicator. Main Responsibilities: - Own and drive the roadmap for internal detection products (phishing, scam, malware, etc.) - Ensure detection systems meet high standards for precision and recall, minimizing false positives/negatives - Support integration of detection capabilities into broader NordVPN infrastructure - Partner with data scientists to define requirements for training, validating, and deploying ML models - Ensure high-quality labeled data pipelines for model accuracy and robustness - Collaborate on model evaluation frameworks to track real-world performance and drift - Facilitate experimentation and rapid iteration on detection algorithms and heuristics - Oversee ingestion, validation, and prioritization of data from paid, open-source, and internal threat feeds - Build systems to correlate signals across feeds and flag anomalies or inconsistencies - Maintain tools and processes that streamline curation workflows and reduce manual overhead - Ensure transparency and traceability in decisions affecting detection confidence - Translate business and operational needs into clear technical requirements - Drive alignment across stakeholders on trade-offs, priorities, and delivery timelines - Ensure clarity around ownership, goals, and impact of each threat intel product stream - Lead backlog refinement, sprint planning, and retrospectives with technical teams - Prioritize work based on business value, tech feasibility, and detection effectiveness - Track product KPIs (e.g., detection accuracy, false positive rate, latency) and adapt roadmap accordingly.

O projekcie: 💻 Ework Group - founded in 2000, listed on Nasdaq Stockholm, with around 13,000 independent professionals on assignment - we are the total talent solutions provider who partners with clients, in both the private and public sector, and professionals to create sustainable talent supply chains. With a focus on IT/OT, R&D, Engineering and Business Development, we deliver sustainable value through a holistic and independent approach to total talent management. By providing comprehensive talent solutions, combined with vast industry experience and excellence in execution, we form successful collaborations. We bridge clients and partners & professionals throughout the talent supply chain, for the benefit of individuals, organizations and society. 🔹 For our Client from automotive industry we are looking for 2 Senior IT Security & Risk Officers - 2 days from the office🔹 The consultants will drive complex cross-functional initiatives related to the implementation of cybersecurity regulatory requirements, including NIS2, the Cyber Resilience Act (CRA), and DORA. The assignment focuses on translating regulatory requirements into practical implementation initiatives, structuring and driving regulatory workstreams, and ensuring alignment across technology, cybersecurity, and business stakeholders in a large global enterprise environment. The consultants will operate as part of the DTO NIS2 Program and report directly to the NIS2 Program Lead. They are expected to take ownership of initiatives, independently drive progress, and support the program in moving from regulatory interpretation to concrete implementation and remediation. This role requires individuals who are comfortable operating in complex organizations, navigating ambiguity, and driving progress through influence. Assignment Details - Duration: 6 months with possible extension  - Start: As soon as possible Wymagania: Required Experience - Proven experience of the implementation of cybersecurity or technology regulatory requirements in large organizations. - Strong experience driving complex cross-functional initiatives in corporate environments. - Ability to translate regulatory expectations into practical and implementable actions. - Experience engaging and aligning senior stakeholders across technology and business organizations. - Excellent communication, facilitation, and coordination skills. - Ability to operate independently and proactively in a complex organizational environment. Codzienne zadania: - Lead and drive cross-functional initiatives supporting the implementation of cybersecurity regulatory requirements (NIS2, CRA, DORA).  - Translate regulatory requirements into structured implementation plans, actionable initiatives, and remediation activities.  - Identify regulatory gaps and support the development of implementation roadmaps and prioritized action plans.  - Drive execution of assigned initiatives across multiple stakeholders in technology, cybersecurity, risk, legal, and business organizations.  - Facilitate working sessions and stakeholder alignment to ensure clear ownership, progress, and decision-making.  - Track initiative progress, risks, and dependencies and ensure timely escalation where required.  - Contribute to program governance and reporting, including preparation of status updates and decision material for senior stakeholders.  - Support the continued structuring and operationalization of the DTO NIS2 Program. 

NVIDIA has been transforming computer graphics, PC gaming, and accelerated computing for more than 25 years. It’s a unique legacy of innovation that’s fueled by great technology—and amazing people. Today, we’re tapping into the unlimited potential of AI to define the next era of computing. An era in which our GPU acts as the brains of computers, robots, and self-driving cars that can understand the world. Doing what’s never been done before takes vision, innovation, and the world’s best talent. As an NVIDIAN, you’ll be immersed in a diverse, supportive environment where everyone is inspired to do their best work. Come join the team and see how you can make a lasting impact on the world. What you'll be doing: - Design and implement security solutions throughout all layers from high-level applications, OS, and drivers to device firmware. - Work on novel security projects involving both hardware and software. - Provide insight and technical guidance and collaborate with peers from across the company, including architecture, marketing, and engineering departments. - Collaborate with NVIDIA partners and customers - Research, build, develop, and implement architecture solutions for security features in networking products. - Architectural modeling and validation, following standards bodies. - Work with customers and partners to identify and address security issues and threats. Join us at NVIDIA to push the boundaries of cybersecurity research!

About Workato Workato transforms technology complexity into business opportunity. As the leader in enterprise orchestration, Workato helps businesses globally streamline operations by connecting data, processes, applications, and experiences. Its AI-powered platform enables teams to navigate complex workflows in real-time, driving efficiency and agility. Trusted by a community of 400,000 global customers, Workato empowers organizations of every size to unlock new value and lead in today’s fast-changing world. Learn how Workato helps businesses of all sizes achieve more at workato.com. Responsibilities Join our Product Security team as a Security Engineer - Red Team and help secure the future of AI automation through offensive security operations. *This is a remote position in either Spain or Portugal. *You'll simulate real-world adversarial attacks against our cloud architecture, AI model endpoints, and complex multi-tenant SaaS platform while playing a key role in strengthening our defenses during our Agentic AI Transformation. You will play a pivotal role in identifying security weaknesses, validating defensive capabilities, and improving our security posture through adversarial testing. Your findings will directly influence product security architecture and drive security improvements across a diverse set of customer deployments. Key responsibilities include: - Adversarial Exercises and Penetration Testing: Conduct red team exercises and penetration tests to simulate real-world attacks and validate defensive controls - Exploitation and Vulnerability Research: Perform vulnerability research and exploitation to validate attack paths and contribute to the security community - Threat Modeling and Attack Simulation: Collaborate on threat modeling to anticipate attacker techniques and strengthen defensive strategies - SecOps and Bug Bounty Collaboration: Partner with Security Operations and Bug Bounty teams to enhance detection, response, and organizational resilience - External Testing Coordination: Coordinate external red team and penetration testing engagements and third-party security assessments - Security Automation and Tooling: Develop automated tools and frameworks to scale offensive security operations across systems and applications This role offers the opportunity to conduct offensive security research against mission-critical systems deployed globally while working with AI and cloud technologies. If you're passionate about thinking like an attacker to build stronger defenses, this role could be perfect for you.

About Us at GoCardless GoCardless is a global bank payment company. Over 100,000 businesses use GoCardless to collect and send payments through direct debit, real-time payments and open banking. GoCardless processes US$130bn+ of payments annually, across 30+ countries; helping customers collect and send both recurring and one-off payments, without the chasing, stress or expensive fees. We use AI-powered solutions to improve payment success and reduce fraud. And, with open banking connectivity to over 2,500 banks, we help our customers make faster, more informed decisions. We are headquartered in the UK with offices in London and Leeds, and additional locations in Australia, France, Ireland, Latvia, Portugal and the United States. At GoCardless, we're all about supporting you! We’re committed to making our hiring process inclusive and accessible. If you need extra support or adjustments, reach out to your Talent Partner — we’re here to help! And remember: we don’t expect you to meet every single requirement. If you’re excited by this role, we encourage you to apply! The role As a Product Security Engineer, you will enable development teams to take ownership of the security and privacy of their product by collaborating to set requirements and standards, performing design reviews and vulnerability assessments, and helping build security controls. You will also work closely with the dedicated Security Operations and Security Engineering teams. You will be someone who has experience securing a cloud-native environment, and, in particular, in embedding security and privacy standards in engineering functions. You should also be comfortable automating security and privacy engineering and performing various security assessments. What excites you - Developing high-quality code for extensive tasks, showcasing proficiency in leading systems and architecture design independently. - Leading the design and documentation processes for complex tasks, breaking them down into manageable segments for team collaboration while also handling the most challenging portions. - Contributing significantly to the company-wide systems architecture, impacting the organisation's technological landscape. - Providing guidance to developers and architects on secure coding methodologies, architectural design, and security best practices, fostering a culture of excellence within the team. - Overseeing the vulnerability management program, conducting routine assessments, prioritising resolutions, and tracking progress towards securing systems. - Demonstrating advanced proficiency in security testing, ensuring comprehensive evaluations of system, application, and network security postures. - Creating and maintaining robust security policies, procedures, and guidelines for effective programme management. Life at GoCardless We're an organisation defined by our values; We start with why before we begin any project, to ensure it’s aligned with our mission. We make it happen, working with urgency and taking personal accountability for getting things done. We act with integrity, always. We care deeply about what we do and we know it's essential that we be humble whilst we do it. Our Values form part of the GoCardless DNA, and are used to not only help us nurture and develop our culture, but to deliver impactful work that will help us to achieve our vision. Diversity & Inclusion We’re building the payment network of the future, and to achieve our goal, we need a diverse team with a range of perspectives and experiences. As of July 2024, here’s where we stand: - 45% identify as women - 23% identify as Black, Asian, Mixed, or Other - 10% identify as LGBTQIA+ - 9% identify as neurodiverse - 2% identify as disabled If you want to learn more, you can read about our Employee Resource Groups and objectives here as well as our latest D&I Report. Sustainability at GoCardless We’re committed to reducing our environmental impact and leaving a sustainable world for future generations. As co-founders of the Tech Zero coalition, we’re working towards a climate-positive future. Check out our sustainability action plan here. Find out more about Life at GoCardless via X, Instagram and LinkedIn.

Nasze wymagania: In-depth knowledge of AWS security services Expertise in securing AWS and on-prem environments Strong experience in managing IAM roles, policies, and permissions Focus on implementing IAM with other identity providers LAN/WAN routing knowledge In-depth understanding of network infrastructure Experience with cloud security best practices Knowledge of security threat mitigation and vulnerability management Understanding of compliance and regulatory security requirements Hybrid model: 2-3 days onsite per week Zakres obowiązków: Ensure security of cloud-based application, data, and infrastructure within AWS environment Design, implement, and maintain robust security measures to protect organization's assets from threats and vulnerabilities Enable secure cloud adoption and operations Work on VDI 3.11 project with 0.3 FTE allocation Part of three-person team with full engagement of 0.9 FTE from Hitachi team Implement security controls and monitoring Assess and mitigate security risks in cloud environments Collaborate with technical teams on security requirements Oferujemy: • Life insurance • Private healthcare • MultiSport Card • Clear career path in a growing multinational organization

The Secure AI Innovation Engineer is a hybrid security role combining Application Security, Cloud Security, and AI Security, with a strong focus on innovation, automation, and security maturity uplift. This role supports clients in evolving their cybersecurity capabilities, designing and implementing modern, secure, and scalable solutions, and enabling safe adoption of AI and Agentic AI technologies. The engineer acts as a trusted security advisor, helping organizations securely modernize their environments, processes, and teams. The role does require deep values broad technical foundations, curiosity, ownership, and growth mindset, with the ability to connect security, cloud, applications, and AI into cohesive, end‑to‑end solutions. THE WORK: - Support clients in increasing their cybersecurity maturity by assessing current security posture, identifying gaps, and defining pragmatic improvement roadmaps across applications, cloud platforms, and development processes. - Act as a trusted security advisor, proposing modern and innovative security solutions that improve security posture, enable automation, increase operational efficiency, and enhance the effectiveness and quality of security teams. - Design and implement end‑to‑end security controls covering applications, cloud infrastructure, development pipelines, and operational environments. - Enable secure adoption of AI technologies, including LLM‑based solutions and Agentic AI, by designing and securing client environments to support safe and responsible AI usage. - Define and implement security guardrails for AI environments, including: identify, assess, and mitigate AI‑specific security risks, such as prompt injection, data leakage, data poisoning, model abuse, insecure integrations, and misuse of autonomous AI agents. - Collaborate with development, architecture, and platform teams to embed security into SDLC and SSDLC, following security‑by‑design and shift‑left principles. - Support and improve secure development environments, including CI/CD pipelines, Infrastructure‑as‑Code, APIs, and cloud‑native platforms. - Perform or support application and system security assessments, aligned with industry standards such as OWASP Top 10, OWASP ASVS, and OWASP API Top 10. - Conduct or facilitate threat modeling for end‑to‑end solutions, including cloud‑native, hybrid, distributed, and AI‑enabled architectures. - Design and support secure cloud and hybrid architectures across Azure, AWS, or GCP, covering identity, network security, data protection, and platform security. - Support containerized and cloud‑native environments (e.g. Kubernetes‑based platforms) by ensuring secure configuration, posture management, and workload protection. - Leverage automation and AI‑powered security tools to improve vulnerability detection, code and configuration analysis, threat detection, and security operations efficiency. - Translate complex security risks into clear, actionable recommendations for technical and non‑technical stakeholders. - Support clients in building long‑term security capabilities, enabling secure digital transformation and responsible use of AI technologies. - Secure cloud foundations, data flows and pipelines, AI model integration and inference APIs, Identity and Access Management. Flexible: The work location for this role may include a mix of working remotely, onsite at a client or in an Accenture office - depending on specific project circumstances.  With all our roles, there is some in-person time for collaboration, learning and building relationships with clients, peers, leaders, and communities. As an employer, we will be as flexible as possible to support your specific work/life needs.

We are looking for a Project Manager to lead global cybersecurity initiatives across a complex enterprise environment. The role combines strong project leadership with deep expertise in cybersecurity technologies. How you will get the job done - leading the end-to-end delivery of global cybersecurity initiatives across heterogeneous, multi-vendor environments with a high degree of customization and complexity - driving the development of project charters that clearly define scope, objectives, timeline, success metrics, requirements (business, non-functional, functional, and operational), and risk mitigations strategies for global cybersecurity initiatives - overseeing technical implementations and integrations of cybersecurity technologies such as: - SIEM platforms, SOC, Data Encryptions Standards, Cryptography, PKI - AI/ML-driven security analytics and UEBA - Network Security, Endpoint Detection and Response (EDR), and Secured Communications Protocols - Data Loss Prevention (DLP) and Email Security - User Access Management including IAM, PAM, and IDPs - Cyber Threat Intelligence (CTI) and both security and non-security logging - managing the project lifecycle using Agile, Waterfall, or hybrid methodologies, ensuring delivery against scope, time, and budget - collaborating with global stakeholders across security, risk, infrastructure, application teams, and third-party vendors to align project goals with organizational security strategy and ensure accountability - translating complex technical concepts into actionable plans and executive-level updates - tracking and reporting on project KPIs, risks, interdependencies, and compliance with organizational and regulatory security standards - tracking KPIs, manage budgets, and report on progress, risks, and escalations to senior leadership and steering committees

Nasze wymagania: 16 years of experience within the field Organizational and Operational Resilience expertise Technology Resilience and Crisis Management experience Business Continuity Management and IT Disaster Recovery knowledge Cyber Security and Physical Security expertise Emergency Management and Incident Response experience Enterprise Risk Management and Third Party Risk Management Supply Chain Resilience and Operational Risk Management Strong executive advisory and leadership capabilities Experience in financial services and regulatory environments Zakres obowiązków: Co-lead WS 2 deliverables and execution Support WS lead in workstream management Provide executive advisory on resilience and regulatory matters Drive execution and assurance across workstream activities Support organizational and operational resilience initiatives Provide expertise in crisis management and business continuity Support technology resilience and cyber security initiatives Guide emergency management and incident response activities Oferujemy: • Life insurance • Private healthcare • MultiSport Card • Clear career path in a growing multinational organization

Nasze wymagania: 1-3 years of experience in similar/close to similar role and in close collaboration with 2LOD, 3LOD and business stakeholders Experience with risk and controls management methodology and able to identify and document controls for identified risks Good understanding of Business Continuity and Crisis Management framework and processes Hands-on experience for project documentation, preparation of presentations and delivery documents Role will require extensive collaboration across different teams, and perspectives and rationalizing those inputs will be required Good knowledge of compliance and structure of 3LOD in FSI entity Good communicator and ability to develop materials such as processes, procedures, policies or frameworks Understanding of or experience with ICT or Cyber regulations Ability to take initiatives, independently complete tasks in timely manner Proficient in English (writing, verbal and reading) Must have worked with internal controls before in FSI sector Zakres obowiązków: Establish and integrate operational controls to address BCCM risk using Group Guidelines for Controls Framework Provide support to Track Lead with running of day-to-day project activities and manage relationship with key stakeholders Review and understand BCCM related issue findings where operational controls are required as part of issue closure criteria Support and work closely with Service Transition to assess operational controls and performance indicators Work in close collaboration with BCCM RRP Workstreams to establish controls as required by internal and external auditors Prepare list and get acquainted with Nordea Guidelines, EBA guidelines and other regulatory requirements Maintain risk and control documentation, and update continuously as project matures Support track lead with documentation of controls after reviewing and understanding BCCM, ITSCM and other relevant processes Advise 1LoD and BCCM RRP to implement controls, monitor and report them for effectiveness purposes Oferujemy: • Life insurance • Private healthcare • MultiSport Card • Clear career path in a growing multinational organization

Nasze wymagania: 1-3 years of experience in similar/close to similar role and in close collaboration with 2LOD, 3LOD and business stakeholders Experience with failover and restore from backup testing preferable Good understanding of BCCM framework and processes Experience with risk and controls management methodology and able to identify and document controls for identified risks Hands-on experience for project documentation, preparation of presentation and delivery documents Role will require extensive collaboration across different teams, and perspectives and rationalizing those inputs will be required Knowledge of regulatory requirements and compliance frameworks Understanding of operational controls and testing frameworks Zakres obowiązków: Work in close collaboration with BCCM RRP 0.14 and Nordea business/technology areas to establish controls as required by internal and external auditors Review and understand Business Continuity and Crisis Management (BCCM) Testing Framework uplifts where operational controls are required Establish and integrate operational controls within BCCM framework using Nordea Group guidelines Prepare list of Nordea Guidelines, EBA guidelines and other regulatory requirements as relevant and control documentation Update continuously as project matures Support Technology Risk Management team (1LoD), BCCM 1st LoD and BCCM RRP to implement controls Monitor and report controls for effectiveness purposes Support BCCM RRP Project 0.10 delivery lead with documentation of controls Keep track of all open actions coming out of meetings, plan follow-up actions and support Delivery lead with timely updates Oferujemy: • Life insurance • Private healthcare • MultiSport Card • Clear career path in a growing multinational organization

O projekcie: ITMAGINATION, now part of the Virtusa Group helps its Clients by becoming a true extension of their software and data development capabilities. Through the readily set up, comprehensive, and self-governing teams, we let our Clients focus on their business while we make sure that their software products and data tools scale up accordingly and with outstanding quality. We are looking for experienced team players to fill the position of OT Security and Remote Access Specialist and participate in our up-and-coming project for our client from telco area. Wymagania: - Experience in Operational Technology (OT) cybersecurity - Strong knowledge of secure remote access solutions for OT environments - Experience with risk assessment and cybersecurity risk mitigation - Understanding of OT security standards and frameworks (IEC 62443, NIST) - Hands-on experience with Fortinet solutions, including deployment and management of Fortinet FortiGate 400E (or equivalent) in High Availability (HA) mode, covering NGFW features, VPN (IPSec/SSL), and routing. - Familiarity with Fortinet switching solutions such as Fortinet FortiSwitch 108F and centralized management via FortiLink (preferred). - Strong knowledge of enterprise networking based on Cisco Systems, including L2/L3 switching, VLANs, dynamic routing protocols (OSPF/BGP), and wireless infrastructure. - Understanding of high availability and redundancy mechanisms (HA, LACP, failover design) across network and security layers. - Knowledge of incident response processes in industrial environments - Experience designing secure OT architectures - Familiarity with industrial control systems and automation technologies - Ability to collaborate with engineering, IT, and security teams - Fluent English (B2+) Codzienne zadania: - Design and manage secure remote access solutions for OT environments, ensuring reliable connectivity for internal engineers and third-party vendors while safeguarding critical assets. - Assess and mitigate cybersecurity risks associated with remote access solutions by leveraging Remote Access Vendor technologies to maintain secure connectivity and operational safety.

Nasze wymagania: Deep understanding of email systems and security layers, including SMTP and SMTP Auth Hands-on experience with Proofpoint solutions (policy management, threat analysis, DLP techniques) Knowledge of email security threats (malware, phishing, social engineering) and mitigation strategies Familiarity with Exchange Online and enterprise mail environments Strong background in information systems, architecture, and service delivery Excellent stakeholder management and communication skills (technical and non-technical audiences) Strong analytical and problem-solving skills Experience working in highly regulated, large multinational environments Ability to adapt to changing situations and drive continuous improvement Expertise in email security technologies, including Proofpoint Knowledge of cybersecurity frameworks, standards, and methodologies Experience with Cloud and SaaS environments Familiarity with data protection technologies (Data Classification, Encryption, DLP) Understanding of DevOps practices and automation for security solutions O projekcie: We are looking for an Engineer – Proofpoint Email Security to join the Global Defense Engineering team within Cybersecurity. This role is responsible for implementing and maintaining email security solutions, ensuring robust protection against phishing, malware, and social engineering attacks. You will work closely with stakeholders across the organization to deliver secure, scalable, and efficient email security capabilities, with a strong focus on Proofpoint solutions. This is an exciting opportunity to work on enterprise-level email security architecture, influence strategic decisions, and contribute to the bank’s global cybersecurity posture. Sounds like your kind of challenge? Zakres obowiązków: Implement and maintain Proofpoint email security solutions, including policy management and threat analysis Collaborate with Control Owners, Service Owners, and Platform Owners to ensure alignment with security and compliance requirements Manage the engineering backlog, prioritize tasks, and support delivery of strategic capability roadmaps Evaluate and adopt new technologies and practices to enhance email security Act as a subject matter expert for email security architecture and defense-in-depth capabilities Provide technical oversight for control defect assessments and remediation plans Support production environments, including incident resolution, monitoring, and problem management Build strong relationships with internal stakeholders and external vendors to ensure effective delivery and continuous improvement Note: Detailed project information will be shared during the recruitment process. Oferujemy: Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.) Hybrid work setup – remote days available depending on the client’s arrangements Collaborative team culture – work alongside experienced professionals eager to share knowledge Continuous development – access to training platforms and growth opportunities Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more High quality equipment – laptop and essential software provided

Nasze wymagania: A bachelor’s or master’s degree and 5+ years of experience in Information Security. Experience conducting security assessments and reviews, including the ability to evaluate control implementation and supporting evidence. A strong understanding of information security across people, processes, and technology, with the ability to communicate clearly to both technical and non‑technical audiences. Practical knowledge of cloud/security fundamentals, logging and monitoring practices, and access control to support informed questioning during reviews. Familiarity with security standards such as ISO 27001/27002, ITIL, NIST, PCI‑DSS, and CIS, and the ability to apply them within an organizational context. A friendly and constructive communication style, contributing positively to team culture. A self‑driven approach with the ability to manage multiple tasks simultaneously. Fluency in written and spoken English to collaborate effectively with teams across Denmark and Poland. Mile widziane: A CISSP (or ISAPP), Cisco/network certifications, Microsoft certs (SC900, AZ500, SC100 or similar), SABSA, OSCP/OSCE or similar certification Experience from working with the financial sector and/or a software development organization Experience with ServiceNow, JIRA, or similar tools Zakres obowiązków: You will join our Information Security team, which is part of the Service Integration & Security area. Information Security is placed as a 1st line function in BEC. The services delivered by the Information Security team are crucial and enabling BEC to deliver on its strategy, take strong decisions and maintaining customer trust. This is achieved by overseeing and monitoring how BEC manages and meets its Information Security Requirements. The Information Security team embeds security across BEC by: Driving security governance and organizational alignment through BEC’s ISMS Ensure that Information Security requirements are clearly defined and consistently enforced across BEC Strengthen BEC’s security management in close collaboration with other relevant stakeholders in BEC Creates a consolidated security posture view for BEC and reporting to relevant stakeholders At BEC, we prefer to collaborate often in the office, but we also keep the opportunity to work remotely up to 8 days per month. Your direct manager will be BEC CISO and head of Information Security, Dennis Jensen. Primary tasks and responsibilities include: As an Information Security Architect at BEC, you will clarify and implement security standards, consult on projects, and ensure best practices align with strategic goals. Your main duties include designing and executing security measures and assessing technical solutions for proper control implementation. Success requires communicating security expectations, threats, and regulations clearly to all stakeholders. You will join a committed team protecting the financial sector, where a proactive attitude and consultative approach are essential. Conducting and facilitating security assessments based on a structured, security-focused approach, reviewing governance documentation and evidence Providing clear, practical feedback and recommendations that improve how security controls are implemented and evidenced, and supporting stakeholders with follow-up Performing the information security review across multiple topics in BEC. Oferujemy: Professional development Healthy, varied lunch and fruit in the canteen ​ Active staff associations: yoga, cycling, gokart, salsa dancing etc. ​ Flexible working hours Health insurance Referral bonus

Nasze wymagania: Suitable industry/regulatory experience in analysis and solution design Creating TPRM processes and experience in assessing and drafting changes to contract templates Demonstrable skills and experience independently organizing and facilitating workshops to actively shape development of revised governance processes As SME should provide oversight and judgement in suitability of BCCM/TPRM requirements in updated contract template Experience with third party risk management and vendor management Knowledge of regulatory requirements including EBA and DORA Understanding of business continuity and IT recovery objectives Experience with contract template development and governance processes Zakres obowiązków: Support key activity areas within project 1.9 RTO-RPO in Critical and Important Outsourcing Agreements Support existing Project Manager with relevant SME experience in relation to 3rd party risk management Enable project to complete deliverables, close outstanding GOR/GIA issues, and support Nordea with implementation of DORA requirements Identification of business continuity requirements (RTO, RPOs) and development of specific SLAs for third parties Updating of BCCM requirements in supplier contractual templates aligned to EBA, DORA and best practice Design of new governance process and controls to ensure C/I agreements contain RTO-RPO requirements Ensure supplier BCPs are aligned to Nordea's business continuity and IT recovery objectives Provide oversight and judgement in suitability of BCCM/TPRM requirements in updated contract template Oferujemy: • Life insurance • Private healthcare • MultiSport Card • Clear career path in a growing multinational organization

Nasze wymagania: 3–6 years of experience as a GRC Consultant or in a similar IT security role Solid knowledge of IT risk management, cybersecurity frameworks, and compliance practices Strong understanding of Agile methodologies Experience in vulnerability management and remediation Ability to manage stakeholders and communicate effectively across teams Strong analytical thinking and problem-solving skills Independent, proactive mindset with a consultant approach O projekcie: In Cyclad we work with top international IT companies in order to boost their potential in delivering outstanding, cutting edge technologies that shape the world of the future. Currently, we are looking for an experienced GRC Consultant to support and strengthen our security posture within an agile environment. In this role, you will ensure the proper implementation of security and continuity policies, influence business decisions with a security-first mindset, and collaborate across teams to manage risks and vulnerabilities. Location: remotely Type of employment: B2B contract Remuneration: up to 110 PLN net + VAT per hour on B2B Project languages: English Zakres obowiązków: Ensure deployment of security and continuity policies across the organization Influence business decisions to align with security goals and objectives Ensure applications are onboarded into relevant security tools (SAST, AVS, Pentests, SCA, ANON) Promote security by design and security by default principles in software architecture and development Support troubleshooting and debugging of security issues; lead cross-functional vulnerability remediation initiatives Participate in agile ceremonies (Sprint Planning, Backlog Review) with a strong focus on security Provide regular reporting on application security levels and vulnerabilities to IT Risk & Cyber Security stakeholders Share best practices with central IT Risk & Cyber Security teams and other security officers Coordinate and follow up on continuity tests and exercises Support IT risk assessment and define mitigation measures Track and follow up on remediation plans Report and escalate IT risks based on severity Prepare and gather evidence for internal controls and audits Oferujemy: Private medical care with dental care (covering 70% of costs). Family package option possible. Multisport card (also for an accompanying person). Life insurance. Work with talented engineers on large-scale, technically challenging projects.

O projekcie: - International Environment - Work with a professional team in a dynamic, global setting. - Growth & Development - Access to top-tier training and career advancement opportunities. - Premium Workspace - High-end office in the heart of Warsaw.\ - Hybrid work environment (3 days onsite) - 12 months contract with ability to convert to FTE Wymagania: Strategic Staffing Solutions International client is a leading global financial services firm providing investment banking, Global Market and investment management services to a substantial and diversified client base that includes corporations, financial institutions, governments, and high-net-worth individuals. The company is headquartered in New York and maintains offices in London, Frankfurt, Tokyo, Bengaluru, Hong Kong and other major financial centers around the world. Basic Qualifications: - 4+ years of experience in application security and/or cloud security - Experience with threat modeling or secure design and architecture reviews - Degree in Computer Science, Engineering, Cybersecurity, or Information Security - Strong knowledge of common vulnerabilities (OWASP Top 10, cloud security gaps) - Hands-on experience with AWS security services (IAM, KMS, CloudTrail, GuardDuty, Inspector) - Knowledge of authentication and authorization protocols (OAuth, OIDC, SAML) - Understanding of secure coding practices and security controls - Experience with vulnerability assessment and penetration testing tools - Familiarity with modern web technologies and stacks - Knowledge of cryptography concepts such as TLS, encryption, and hashing - Strong English communication skills - Ongoing interest in learning about emerging security threats Codzienne zadania: - Conduct cybersecurity design reviews for web applications, AWS infrastructure, and AI/ML solutions, challenging and validating proposed architectures. - Serve as a cybersecurity advisor, providing expert guidance on secure design and implementation strategies. - Drive organizational change by creating, documenting, and promoting effective security patterns. - Lead risk read-out calls, articulating security risks and recommending mitigation strategies. - Analyze penetration test and code review reports, guiding teams to resolve security issues. - Mentor junior team members and foster development in cybersecurity practices.

O projekcie: Lokalizacja: KrakówTryb pracy: hybrydowy Poszukujemy Cybersecurity Data Analyst SME, który będzie częścią zespołu wspierającego globalne technologie i usługi w obszarze cyberbezpieczeństwa. Zespół ten odpowiada za ochronę danych, zapobieganie ich utracie (Data Loss Prevention), zarządzanie infrastrukturą zabezpieczeń oraz analizę i eliminację luk w zabezpieczeniach, mając na celu zapewnienie bezpieczeństwa funkcji krytycznych oraz transakcji o wartości miliardów funtów.  Zakres obowiązków: - Wdrażanie i utrzymywanie środków zabezpieczających systemy i dane. - Wykorzystywanie zaawansowanej analityki danych do oceny skuteczności istniejących kontroli, identyfikowania nowych zagrożeń oraz proponowania strategii minimalizowania ryzyka, prezentując wyniki za pomocą modeli statystycznych i wizualizacji. - Współpraca w zakresie projektowania, wdrażania oraz bieżącego zarządzania wskaźnikami kontroli (KCI). - Współpraca z zespołami metryk i automatyzacji w celu opracowywania pulpitów nawigacyjnych i automatyzowania procesów. - Współpraca z właścicielami i architektami dostawców usług chmurowych (CSP) w celu dokumentowania i oceny zdolności ochrony danych, identyfikowania luk oraz możliwości rozwoju kontroli. - Przegląd i proponowanie ulepszeń w politykach zapobiegania utracie danych (DLP), dbając o zgodność z obecnymi zagrożeniami i potrzebami biznesowymi przy minimalizacji wpływu na działalność. - Badanie incydentów DLP, przeprowadzanie analizy przyczyn źródłowych oraz dzielenie się wynikami i rekomendacjami z interesariuszami. - Wykorzystanie narzędzi analitycznych (np. Splunk, Python, SQL, Power BI) do pozyskiwania, manipulowania i interpretowania dużych zbiorów danych. - Przegląd i doskonalenie procesów dostarczania usług za pomocą metodologii poprawy procesów. Oferujemy: - Pracę w międzynarodowym zespole. - Możliwość rozwoju w obszarze cyberbezpieczeństwa oraz nowych technologii. - Pakiet benefitów (m.in. prywatna opieka medyczna, karta Multisport). Wymagania: - Wiedza z zakresu zasad cyberbezpieczeństwa, technologii i najlepszych praktyk. - Doświadczenie w przeprowadzaniu ocen ryzyka oraz doskonałe umiejętności analityczne i rozwiązywania problemów. - Zdolność do analizy skomplikowanych informacji, identyfikowania wzorców i komunikowania wyników w sposób zrozumiały dla odbiorców technicznych i nietechnicznych. - Doświadczenie w pracy z produktami DLP (np. Symantec DLP, McAfee CASB, MIP data classification). - Znajomość kontroli szyfrowania i maskowania danych w stanie spoczynku i w ruchu. - Doświadczenie w automatyzacji procesów i zbieraniu wymagań. - Znajomość kontroli ochrony danych CSP oraz architektur bezpieczeństwa. - Doświadczenie w analizie danych z użyciem narzędzi takich jak Splunk. - Doświadczenie w metodach poprawy procesów (np. Lean Six Sigma) będzie dodatkowym atutem. - Doświadczenie w podejmowaniu aktywnego udziału w podejmowaniu strategicznych decyzji biznesowych, biorąc pod uwagę ryzyko, długoterminowe konsekwencje oraz potrzeby interesariuszy. - Wykształcenie formalne w zakresie bezpieczeństwa informacji, cyberbezpieczeństwa, informatyki, analizy biznesowej lub równoważne doświadczenie.

Founded in Switzerland in 1968, Zühlke is owned by its partners and located across Europe and Asia. We are a global transformation partner, with engineering and innovation in our DNA. We're trusted to help clients envision and build their businesses for the future – to run smarter today while adapting for tomorrow’s markets, customers, and communities. Our multidisciplinary teams specialise in tech strategy and business innovation, digital solutions and applications, and device and systems engineering. We excel in complex, regulated spaces including health and finance, connecting strategy, tech implementation, and operational services to help clients become more effective, resilient businesses. If you share our values and want to do the best work, for the right reasons, we can offer you the chance to do it on a global scale and play a real role in shaping our exciting journey. The Role Cyber security governance: You will support the CISO in the security office to run our ISMS and ISO 27001 certification. Your Responsibilities As a Cyber Security Specialist, you will manage certain aspects of our Information Security Management System, namely: - You will work on core security processes like risk management, risk treatment, internal audit and resolution of findings. - You will contribute to the awareness campaign and support our supplier management by assessing potential suppliers. - You will help maintain the governance and policy framework. - Occasionally, you will lend your expertise to the business by responding to security questionnaires and other forms of internal consulting. - You will take the lead in one or two of the above-mentioned subjects. Since we are a small team, you are also expected to support security operations topics. Communication and collaboration is a key aspect of your role. You will work closely with our IT department and other internal service functions.

Nasze wymagania: 3+ lat doświadczenia w roli Cyber Security / GRC Consultant. Doświadczenie w vulnerability management. Znajomość metodyk Agile. Doświadczenie we współpracy ze stakeholderami. Samodzielność oraz konsultingowe podejście. Bardzo dobre umiejętności komunikacyjne. O projekcie: Dla naszego Klienta poszukujemy doświadczonej osoby w roli Cyber Security GRC Consultant do projektu realizowanego w międzynarodowym środowisku Agile. Osoba w tej roli będzie odpowiadać za obszar governance, risk oraz compliance w kontekście bezpieczeństwa aplikacji oraz procesów IT, współpracując z zespołami produktowymi oraz centralnym zespołem cyber security. Zakres obowiązków: Zapewnienie zgodności projektów z politykami security oraz continuity. Wspieranie decyzji biznesowych w kontekście bezpieczeństwa IT. Nadzór nad onboardowaniem aplikacji do narzędzi security (np. SAST, SCA, pentesty). Promowanie podejścia security by design oraz security by default. Wsparcie zespołów w analizie podatności oraz koordynacja działań naprawczych. Udział w ceremoniach Agile (Sprint Planning, Backlog Review) w zakresie security. Raportowanie poziomu bezpieczeństwa aplikacji oraz podatności. Współpraca z zespołami IT Risk & Cyber Security. Wsparcie w analizie ryzyk IT oraz planów mitigacji. Przygotowywanie dokumentacji pod audyty oraz kontrole wewnętrzne. Oferujemy: Współpracę w modelu 100% zdalnym. Projekt w międzynarodowym środowisku. Długofalową współpracę. Udział w projektach z obszaru cyber security.

Nasze wymagania: Strong experience with DLP products (at least 2 from Symantec DLP, McAfee CASB, Microsoft Information Protection) Hands-on experience with Cloud Access Security Broker (CASB) solutions Knowledge of policy management and whitelist guidelines Strong stakeholder management skills and ability to lead governance meetings Formal education in Information Security, Cybersecurity, Computer Science, or equivalent experience Proven track record of making strategic business decisions considering risk and compliance Experience working in highly regulated environments and dealing with auditors/regulators Excellent communication skills (verbal and written) for engaging with senior stakeholders Mile widziane: Familiarity with cloud security frameworks and best practices Experience in vendor and supplier management Knowledge of risk management frameworks and IT security governance O projekcie: We are looking for a Cyber Consultant Specialist to join the Cybersecurity Technology team. This role is responsible for supporting and delivering Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) solutions, ensuring compliance with global security standards and protecting critical business assets. You will work closely with global stakeholders, providing technical expertise, managing security policies, and driving the implementation of enterprise-wide IT security strategies. This is an exciting opportunity to influence security architecture, manage risk, and contribute to the bank’s global cybersecurity posture. Sounds like your kind of challenge? Zakres obowiązków: Support the delivery and operation of DLP and CASB technologies across a global environment Manage DLP policies, whitelisting guidelines, and ensure compliance with security standards Collaborate with global teams to implement enterprise-wide IT security strategies Act as a subject matter expert for data security controls, providing advice and guidance to stakeholders Drive engagement with regional and global cybersecurity teams, IT, and business functions Participate in DLP governance meetings with stakeholders, including audit and compliance teams Support risk reduction initiatives by deploying and optimizing security technologies Ensure adherence to regulatory and legislative compliance requirements Contribute to audit and regulatory responses related to IT security Note: Detailed project information will be shared during the recruitment process. Oferujemy: Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.) Hybrid work setup – remote days available depending on the client’s arrangements Collaborative team culture – work alongside experienced professionals eager to share knowledge Continuous development – access to training platforms and growth opportunities Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more High quality equipment – laptop and essential software provided

Nasze wymagania: masz min. 3-4 lata doświadczenia zawodowego w jednym z obszarów (ze szczególnym zwróceniem uwagi na środowiska chmurowe): zarządzanie cyberbezpieczeństwem, usługi doradcze związane z cyberbezpieczeństwem , audyt i ocena ryzyka bezpieczeństwa informacji i danych, zarządzanie platformami i usługami cyberbezpieczeństwa, posiadasz wykształcenie wyższe (preferowane: kierunek informatyczny, ekonomiczny z elementami informatyki lub pokrewne), znasz j. angielski na bardzo dobrym poziomie - C1 oraz płynnie komunikujesz się w języku polskim, wykazujesz się znajomością nowych technologii i narzędzi opartych na AI w codziennej pracy (np. automatyzacja zadań, analiza informacji, przygotowywanie treści), posiadasz wysokie umiejętności analityczne oraz interpersonalne, charekteryzuje Cię samodzielność oraz proaktywność. Mile widziane: doświadczenia w zakresie zarządzania projektami oraz zespołem, znajomość zagadnień związanych z cyberbezpieczeństwem środowisk chmurowych, analizie ryzyka danych przetwarzanych w chmurze oraz wymagań regulacyjnych w tym zakresie, certyfikat CISSP, CCSP, CISA, CISM itp. Zakres obowiązków: udział w projektach doradczych dla międzynarodowych klientów w obszarze zarządzania cyberbezpieczeństwem oraz opracowywania strategii i architektury cyberbezpieczeństwa, przeglądy cyberbezpieczeństwa środowisk chmurowych (Azure, GCP, AWS), przeprowadzanie analizy ryzyka pod kątem cyberbezpieczeństwa dla nowych projektów i inicjatyw oraz wdrażanych technologii w środowisku klientów biznesowych, przeglądy systemów informatycznych i procedur stosowanych w działach informatycznych badanych firm oraz ocena ich zgodności ze standardami oraz dobrymi praktykami, udział w projektach związanych z analizą cyberbezpieczeństwa danych, systemów IT oraz sieci teleinformatycznych. Oferujemy: elastyczne warunki - hybrydowy model pracy, elastyczny początek dnia, workation, sabbatical leave, rozwój i podnoszenie kwalifikacji - pełne wsparcie zespołu podczas procesu wdrożenia, mentoring, szkolenia, warsztaty, certyfikacja współ-/finansowana przez PwC oraz konwersacje z native speaker, szeroki program medyczno-wellbeingowy - pakiet opieki medycznej (m.in. opieka stomatologiczna, swoboda leczenia, masaże, fizjoterapia), coaching, sesje mindfulness, wsparcie psychologiczne, edukacja poprzez dedykowane webinary i warsztaty, doradztwo finansowo-prawne, możliwość stworzenia indywidualnego planu benefitowego (wybór m.in. lunch pass, pakiet ubezpieczenia, concierge, pakiet weterynaryjny dla pupila czy masaże) oraz dostęp do kafeterii - w środku m.in. vouchery, zniżki na urządzenia IT i zakup samochodu, 3 godziny płatnego urlopu w miesiącu na wolontariat, dodatkowy dzień wolnego z okazji urodzin, a kiedy polubisz to miejsce tak, jak my, możesz polecić znajomych do PwC.

Nasze wymagania: Bachelor's degree in Science, Technology, Engineering, Mathematics, or equivalent practical experience. 5 years of experience in reading/debugging code written in a general purpose coding language (e.g., Java, C, C++, Python, Shell, Go or JavaScript, etc.) and in virtualization and orchestration frameworks. Experience with computer networking and web technologies (HTTP, HTML, DNS, etc.). Experience with RDBMS systems/writing SQL queries. Experience triaging SaaS products, related technologies (Pantheon, Kibana, Datadog, Grafana), and REST APIs (Chrome devtools, Postman, cUrl, Swagger). Experience system administrator with Linux/Unix or Windows systems. Mile widziane: Certification in Security such as Security+, CEH, CISM, CISSP. Experience with cloud computing (e.g., certifications, internships, coursework, etc.). Experience working with distributed systems, and familiarity with common solutions, design patterns, or best practices. Experience with any of the following solutions: system virtualization, on-premise or hybrid cloud computing. Experience administering and troubleshooting networks, including network monitoring tools. O projekcie: The Google Cloud Platform team helps customers transform and build what's next for their business — all with technology built in the cloud. Our products are developed for security, reliability and scalability, running the full stack from infrastructure to applications to devices and hardware. Our teams are dedicated to helping our customers — developers, small and large businesses, educational institutions and government agencies — see the benefits of our technology come to life. As part of an entrepreneurial team in this rapidly growing business, you will play a key role in understanding the needs of our customers and help shape the future of businesses of all sizes use technology to connect with customers, employees and partners. Google Cloud accelerates organizations’ ability to digitally transform their business with the best infrastructure, platform, industry solutions and expertise. Delivering enterprise-grade solutions leveraging Google’s technology all on the cleanest cloud in the industry. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner enabling growth and solving their most critical business issues.The Google Cloud Support team is dedicated to ensuring our customers get the most out of their Google Cloud investment. In this role, you will be a trusted advisor to a various range of customers, from fast-growing startups to global enterprises. You will dive deep into technical issues, troubleshoot critical issues across Google Cloud platform (GCP), and provide expert solutions that help customers innovate with confidence. You will represent the customer, collaborating with engineering and product teams to drive continuous improvement in our products. Google Cloud accelerates every organization’s ability to digitally transform its business and industry. We deliver enterprise-grade solutions that leverage Google’s cutting-edge technology, and tools that help developers build more sustainably. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems. Zakres obowiązków: Manage the customer’s problems through effective diagnosis, resolution, or implementation of new investigation tools to increase productivity for customer issues on Google Cloud Platform products. Develop knowledge of Google's product technology and underlying architectures by troubleshooting, reproducing, determining the root cause for customer reported issues, and building tools for faster diagnosis. Act as a consultant and subject matter expert for internal stakeholders in engineering, sales, and customer organizations to resolve technical deployment issues and improve Google Cloud. Understand customer issues and advocate for their needs with cross-functional teams, including product and engineering teams to find ways to improve the product and drive production. Work as part of a team of engineers or consultants that globally ensure 24 hour customer support. This will include a need to sometimes work non-standard work hours or shifts.

Nasze wymagania: Strong technical project management skills, with ability to manage multiple priorities Excellent communication skills with ability to translate complex technical topics clearly Strong attention to detail and ability to identify and resolve technical issues efficiently Experience working collaboratively with cross-functional stakeholders Strong problem-solving skills with proactive approach to technical challenges Proficiency in technical tools and platforms related to: cloud computing data storage networking Experience with 2DC mirroring technologies and data center operations Experience working in complex, multi-stream technical environments Strong coordination and stakeholder engagement skills Ability to balance technical depth with delivery oversight Zakres obowiązków: Provide technical leadership and coordination across 2DC mirroring projects Ensure all technical aspects are aligned with project objectives and delivery timelines Provide clear technical guidance to support planning and decision-making Engage with stakeholders to ensure milestones are on track and risks are assessed Maintain close communication with ongoing workstreams and support project activities Understand solutioning, monitor technical milestone deliveries, and contribute where required Ensure all technical deliverables are completed on time and to a high standard Identify and address technical issues proactively, collaborating with project teams Provide technical expertise and guidance across project activities Ensure solutions align with best practices and industry standards

Nasze wymagania: Technical project management skills including ability to manage multiple tasks and priorities Excellent communication skills including ability to communicate complex technical information in clear and concise manner Strong attention to detail with ability to identify and resolve technical issues quickly and effectively Ability to work collaboratively with diverse team including stakeholders from different departments and levels of seniority Strong problem-solving skills with ability to identify and address technical issues proactively Proficiency in technical tools and platforms including but not limited to cloud computing, data storage, and networking Experience with 2DC mirroring technologies and data center operations Zakres obowiązków: Provide technical leadership and coordination across 2DC mirroring projects Ensure all technical aspects of projects are aligned with project's objectives Provide clear technical guidance to 2DC Mirroring PM to inform planning and decisions across WS4 Engage with stakeholders across 2DC mirroring projects to ensure 2DC milestones are on track and assess risk Maintain close communication and support with workstreams on-going projects Understand solutioning, monitor technical milestone deliveries and contribute where necessary Ensure all technical deliverables are completed on time and to high standard Identify and address technical issues proactively, working collaboratively with project team to resolve them Provide technical expertise and guidance to project team Ensure all technical solutions are aligned with best practices and industry standards

Nasze wymagania: Minimum 3 lata doświadczenia w obszarze testów penetracyjnych lub bezpieczeństwa aplikacji Bardzo dobra znajomość narzędzi pentesterskich (np. Burp Suite Professional, narzędzi Kali Linux) Znajomość OWASP Top 10 (wszystkie rodzaje), metodologii testów penetracyjnych (np. OWASP Web Security Testing Guide - WSTG) Doświadczenie w testach bezpieczeństwa aplikacji webowych, mobilnych, desktopowych, interfejsów API oraz środowisk chmurowych Umiejętność analizy kodu pod kątem podatności oraz pisania własnych skryptów (np. w językach Python, Java, C#) Znajomość zagrożeń cyberbezpieczeństwa w tym związanych z AI i chmurą oraz sposobów ich mitygacji Wykształcenie wyższe (preferowane kierunki: cyberbezpieczeństwo, informatyka) Znajomość języka angielskiego na poziomie umożliwiającym komunikację w zakresie merytorycznym oraz przygotowywania raportów w tym języku Wymagane certyfikaty z obszaru testów penetracyjnych Zakres obowiązków: Prowadzenie testów penetracyjnych systemów, aplikacji webowych, mobilnych, desktopowych, interfejsów API oraz środowisk chmurowych (Microsoft Azure, Google Cloud Platform, Amazon Web Services) i infrastruktury IT w celu identyfikacji podatności oraz oceny poziomu bezpieczeństwa Symulowanie rzeczywistych scenariuszy ataków (Red Teaming) i przygotowywanie rekomendacji minimalizujących ryzyko Analiza wyników testów, tworzenie raportów oraz rekomendowanie działań naprawczych i zapobiegawczych Wspieranie strategicznych projektów związanych z wykorzystywaniem rozwiązań chmurowych (Microsoft Azure, Google Cloud Platform, Amazon Web Services) oraz wdrożeniem rozwiązań AI Ocena bezpieczeństwa modeli i procesów AI oraz identyfikacja zagrożeń związanych z ich wykorzystaniem Tworzenie i aktualizacja procedur dotyczących testów bezpieczeństwa oraz standardów w tym zakresie Współpraca z zespołami IT, DevOps i bezpieczeństwa w celu wdrażania najlepszych praktyk cyberbezpieczeństwa Śledzenie trendów w obszarze cyberataków, technik ofensywnych i narzędzi pentesterskich Oferujemy: Atrakcyjny model pracy hybrydowej: 1 dzień w tygodniu w biurze Umowa o pracę Pracowniczy Program Emerytalny w wysokości 7% opłacany przez pracodawcę Opieka medyczna w PZU Zdrowie Zniżka pracownicza do 50% na ubezpieczenia (m. in. PZU DOM, PZU AUTO) Platforma benefitowa m.in. karta sportowa, bilety do kin i teatrów, vouchery zakupowe Elastyczna oferta grupowego ubezpieczenie na życie w wielu wariantach Dostęp do bazy szkoleń cyfrowych oraz nowoczesnych platform edukacyjnych Szkolenia i programy rozwojowe dla pracowników i menedżerów Programy i działania wellbeingowe dla pracowników 4 godziny wolnego w dniu urodzin (do odebrania w miesiącu, w którym obchodzisz urodziny) 2 dni w roku na wolontariat pracowniczy (możesz zrealizować autorski projekt wolontariacki lub wziąć udział w akcji zorganizowanej przez Fundację PZU) Możliwość rozwoju pasji sportowych w ramach 18 sekcji PZU Sport Team (od Badmintona - po Żeglarstwo Najbardziej zielone biuro w Warszawie (PZU Park) ze strefami relaksu i siłownią

Nasze wymagania: wykształcenie wyższe (preferowane kierunki informatyczne, cyberbezpieczeństwo, compliance) / lub co najmniej 3-letnie doświadczenie zawodowe w obszarze ciągłości działania, zarządzania ryzykiem, ISO 22301, praktyczna znajomość w obszarze prowadzenie lub współprowadzenie BIA, przygotowanie i utrzymanie planów awaryjnych, dobra znajomość wymagań i dobrych praktyk w oparciu o ISO 22301, wiedza z zakresu zarządzania ryzykiem organizacji, umiejętność tworzenia i utrzymania dokumentacji, doświadczenie w planowaniu, wdrażaniu i utrzymaniu ciągłości działania organizacji, silne umiejętności analityczne i komunikacyjne, asertywność, rzetelność i zaangażowanie w wykonywaniu powierzonych zadań, samodzielność, dobra organizacja pracy, komunikatywność; umiejętność pracy w sytuacjach pod presją (incydenty/kryzys), znajomość języka angielskiego w stopniu komunikatywnym. Zakres obowiązków: współtworzenie i rozwijanie strategii ciągłości działania w organizacji w oparciu o dobre praktyki/ISO 22301, prowadzenie analiz BIA (w tym RTO/RPO) oraz opracowywanie i aktualizacja planów ciągłości działania, planów awaryjnych i DR (we współpracy z biznesem i IT), planowanie, organizacja i udział w testach oraz ćwiczeniach planów ciągłości działania; dokumentowanie wyników i rekomendacji usprawnień, przygotowywanie raportów z przeglądów oraz wsparcie w utrzymaniu cyklicznych aktualizacji dokumentacji BCMS, wsparcie zespołów merytorycznych w realizacji założeń BCM poprzez szkolenia, warsztaty i mentoring, współpraca z kadrą kierowniczą w zakresie zarządzania kryzysowego oraz koordynacja działań w sytuacjach incydentów, monitorowanie zgodności założeń systemu ciągłości działania spółki z obowiązującymi przepisami prawa (NIS2, KSC, ISO 22301), wsparcie działań związanych z ryzykiem operacyjnym w zakresie ciągłości działania (identyfikacja ryzyka, zależności, działania mitygujące). Oferujemy: umowę o pracę, możliwość uczestnictwa w konferencjach Tribes, przestrzeń do eksperymentowania, współpracę opartą na wartościach - jesteśmy zespołem, który kieruje się określonymi wartościami. Wspieramy atmosferę pracy opartą na szacunku, zaufaniu i współpracy. Promujemy innowacyjność, kreatywność i odpowiedzialność, możliwości rozwoju - wierzymy w nieustanne doskonalenie i chcemy pomagać naszym pracownikom w rozwoju potencjału (oferujemy szkolenia wewnętrzne i zewnętrzne, warsztaty, szkolenia e-learningowe, programy rozwojowe, oraz możliwość uczestniczenia w rekrutacjach wewnętrznych), przyjazną atmosferę, zarówno w pracy jak i w Game Room, catering w biurze, wsparcie merytoryczne od liderów technologicznych, możliwość uzyskania darmowego dostępu do Akademii Drogisty, sprawdź co jeszcze czeka na Ciebie w Rossmannie: www.kariera.rossmann.pl/benefity.

Solution Architect will be part of Global IT Security Architecture Team and will be accountable for planning, designing and communicating security architecture roadmap and strategy, ensuring that solution designs are aligned with the target architecture landscapes meeting both business and technology requirements. How you will get the job done - being responsible for translating security requirements into service portfolio that will help to establish the scope of security architecture function - contributing to development and implementation of security architecture process into process portfolio and ensuring effective and efficient collaboration as well as and enforcement of security architecture principles - supporting analysis and assessments of the current technological landscapes, discovering gaps, deficiencies and recommending design or implementation improvements - translating information security policies into a technical security control framework and security architectural blueprints, communicating these to the projects and stakeholders - participating in definition, prototyping and continuous development of ERGO security reference architecture, methodology, models and security controls; aligning requirements from the architecture teams, technology teams and Global IT Security colleagues - supporting and/or consulting implementation of security architecture - managing stakeholder relationship by working closely with business stakeholders, domain leaders, process owners and third-party suppliers - ensuring that projects and solutions incorporate secure by design principal and that IT security is embedded at early stages of the development process - challenging the status-quo, service landscapes and security solutions in order to improve the adherence with security principles as well as policies and standards - reviewing existing architectures in the projects and assessing the security maturity and compliance levels, with the goal of jointly identifying potential short- and long-term improvement

O projekcie: The Senior Software Security Engineer will be responsible for analysing software designs and implementations from a security perspective, identifying and proposing remediations to security issues throughout the software development lifecycle (SDLC). This role is primarily hybrid, with occasional travel to our Krakow office. In return for your expertise, we’ll support you in this new challenge with coaching & development every step of the way. Also, to reward the hard work, you’ll get: - Contract of Employment (UoP) - Private medical coverage, Multisport - Life insurance (two annual incomes), - Employee Stock Purchase Plan – 15% discount for buying Motorola’s Stock units, - Employee Pension Plan – 3,5 % of the month’s salary gross, which goes to the retirement account - IP Tax Relief (up to 50%) - Yearly salary increase (depends on individual performance) - Yearly bonus (depends on company performance) - UK working hours (working day between 10-18), - 8 hours working day (30 minutes lunch break included). - Hybrid/ remote work Wymagania: Experience and Education - 5+ years of experience in Security Engineering with a focus on product security and/or application security. - Bachelor’s degree in Computer Science, Information Security, or a related technical field. - Good verbal and written English communication. Technical Skills - In-depth knowledge of Linux and Docker container-based infrastructures, including their orchestration (e.g. Kubernetes). - Working knowledge of techniques, standards, and state-of-the-art authentication and authorization technologies, applied cryptography, security vulnerabilities and remediations. - Significant software development experience. Experience in Go (our main backend language), Typescript/Javascript, C/C++, Python and Bash is desirable. - Working knowledge of web-related protocols and technologies (HTTP, REST APIs, DOM, CSP), networking protocols (IP, TCP, UDP), and security protocols (TLS). - Experience in performing threat modeling, with a good grasp of common threat vectors and frameworks. - Strong knowledge of security principles, best practices, and industry standards, such as NIST, ISO 27001, and CIS Critical Security Controls, OWASP ASVS and Testing Guides. - Familiarity with industry-standard security frameworks such as OWASP and NIST. - Experience with security tools such as SAST, DAST, IAST, and SCA. - Exceptional analytical and investigative skills, with hands-on experience in root cause analysis. - Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities. - Experience with CI/CD pipeline, security tools integration, and secure SDLC. - Experience with cloud-based infrastructure (AWS, Azure, or Google Cloud), and on best practices on how to secure cloud environments. Desirable Qualifications Advanced Expertise - Familiarity with security considerations for AI/ML systems is desirable. - Understanding of distributed systems design, implementation and operation. - Understanding of privacy threats and controls, including on how to adapt generic best practices to specific scenarios in the product by providing detailed specifications to stakeholders. - Exploit development experience, and good understanding of the necessary conditions to trigger different vulnerability types, and the maximum impact achievable. - Experience with enterprise log collection and analysis platforms (e.g., Splunk, OSQuery). Education and Certifications - Master's degree or equivalent experience preferred. - Security certifications are a plus, including OSCP, OSEE, SANS/GIAC, CCSP, and CISSP. Soft Skills and Leadership - Excellent verbal and written communication, with the ability to translate complex security concepts to technical and non-technical stakeholders. - Demonstrated ability to design, document, and implement new security processes. - Experience in a high-growth technology environment or SaaS business. - Ability to remain calm under pressure, especially during incidents or audits. Codzienne zadania: - Security Design and Implementation, which involves threat modeling, risk assessments, architecture reviews, and providing security expertise to engineering teams; - Security Testing, including deploying and overseeing automated tools like SCA, SAST, DAST, and Secret Detection, as well as conducting manual penetration testing; - Vulnerability Management, which encompasses triaging, validating, and prioritizing security findings, and managing their remediation through the SDLC; - SDLC and DevSecOps Integration, focusing on establishing secure coding standards and implementing automated security controls within CI/CD pipelines; - Incident Response and Compliance, which requires supporting security incident response processes, monitoring emerging threats, and ensuring product compliance with relevant security standards and regulations like OWASP and NIST.

Nasze wymagania: Bachelor's degree in Computer Science or equivalent practical experience. 8 years of technical leadership experience. Experience in documented software engineering. Mile widziane: Experience in large-scale computing, distributed systems. O projekcie: Google's software engineers develop the next-generation technologies that change how billions of users connect, explore, and interact with information and one another. Our products need to handle information at massive scale, and extend well beyond web search. We're looking for engineers who bring fresh ideas from all areas, including information retrieval, distributed computing, large-scale system design, networking and data storage, security, artificial intelligence, natural language processing, UI design and mobile; the list goes on and is growing every day. As a software engineer, you will work on a specific project critical to Google’s needs with opportunities to switch teams and projects as you and our fast-paced business grow and evolve. We need our engineers to be versatile, display leadership qualities and be enthusiastic to take on new problems across the full-stack as we continue to push technology forward. In this role, you will be a part of the Cluster Management team responsible for critical software that configures and runs Google data centers, helping us drive the long term security roadmap for cluster management system to bring significant user experience improvements to customers. You will be responsible for analyzing, designing and implementing features affecting all services at Google, with projects running the gamut of distributed computing, new features and platform support. As cluster management systems are a foundation for multiple planet-scale services, you will experience the amount of compute power and optimization opportunities that are bigger than anything elsewhere. You can take a look at https://bit.ly/WarsawCloudMeetupRecording5 for more insight into the issues we are addressing. Google Cloud accelerates every organization’s ability to digitally transform its business and industry. We deliver enterprise-grade solutions that leverage Google’s cutting-edge technology, and tools that help developers build more sustainably. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems. Zakres obowiązków: Define the security goal for cluster management system. Design solutions to problems or efforts spanning through multiple systems in and outside of the team. Deliver multi-million impact in savings and optimizations. Plan and follow effort execution. Represent the team in technical reviews and discussion at all levels.

Nasze wymagania: Minimum of 5 years of experience in cybersecurity, network security, or related fields. Strong knowledge of network security principles, threats, and risk management. Proven experience in gathering and managing security requirements within complex environments. Familiarity with defense-in-depth capabilities, cloud and on-premise network architectures, and cybersecurity frameworks. Excellent stakeholder management skills and ability to communicate complex concepts clearly. Strong analytical and problem-solving skills with a strategic mindset. Mile widziane: Certifications such as CISSP, CISA, CEH, or equivalent. Experience working within highly regulated, multinational environments. O projekcie: As a Senior Network Visibility and Cybersecurity Requirements Analyst, you will be working for our client, a global leader in defense engineering solutions. Your role will be instrumental in developing and implementing cutting-edge network security controls that defend against evolving cyber threats, ensuring the safety and resilience of critical financial infrastructures. Join a team dedicated to innovation and excellence, and take your career to the next level. Ignite the future of cybersecurity — shape the blueprint for resilient network visibility! Krakow-based opportunity with hybrid work model. Only candidates with an existing legal right to work in the European Union will be considered for this role. Zakres obowiązków: Collaborate with control owners and stakeholders to elicit, define, and manage network visibility requirements aligned with the bank’s risk appetite. Support capability leads in maintaining comprehensive visibility of all network aspects for risk identification and mitigation. Collect and analyze requirements to detect and report network-related cyber events, working closely with security architects and SOC teams. Design and refine metrics and Key Control Indicators (KCIs) to measure the effectiveness of network security controls. Identify opportunities to enhance network visibility and improve security posture through innovative solutions. Maintain thorough documentation and repositories of all security requirements and related processes. Ensure compliance with industry standards, internal policies, and external regulations, promoting a culture of cybersecurity awareness. Build and nurture relationships with internal teams, external vendors, and regulatory bodies to facilitate a united approach to network security. Oferujemy: Stable and long-term cooperation with very good conditions Enhance your skills and develop your expertise in the financial industry Work on the most strategic projects available in the market Define your career roadmap and develop yourself in the best and fastest possible way by delivering strategic projects for different clients of ITDS over several years Participate in Social Events, training, and work in an international environment Access to attractive Medical Package Access to Multisport Program Access to Pluralsight Flexible hours

Nasze wymagania: Minimum kilkuletnie komercyjne doświadczenie w pracy z SailPoint IdentityIQ Bardzo dobra znajomość Java oraz doświadczenie w tworzeniu customowych rozszerzeń w IIQ Doświadczenie w budowie i konfiguracji konektorów Praktyczna znajomość integracji z wykorzystaniem REST i/lub SOAP Znajomość SQL Doświadczenie w pracy w środowisku enterprise Komunikatywna znajomość języka angielskiego Mile widziane: Znajomość Docker, Kubernetes, Jenkins Doświadczenie ze Spring Boot Doświadczenie w projektach o podwyższonych wymaganiach bezpieczeństwa O projekcie: Do zespołu realizującego projekt rozwoju i optymalizacji platformy Identity Governance poszukujemy doświadczonego Developera SailPoint IdentityIQ. Osoba na tym stanowisku będzie odpowiedzialna za rozwój oraz utrzymanie rozwiązań IAM w środowisku enterprise o wysokich wymaganiach jakościowych i bezpieczeństwa. Rola obejmuje pracę przy rozbudowie funkcjonalności, integracjach z systemami zewnętrznymi oraz automatyzacji procesów związanych z zarządzaniem tożsamością. Zakres obowiązków: Rozwój i utrzymanie rozwiązań opartych na SailPoint IdentityIQ oraz Java Tworzenie nowych konektorów oraz migracja istniejących integracji (np. z rozwiązań plikowych na bezpośrednie konektory) Integracja platformy z systemami zewnętrznymi przy wykorzystaniu REST, SOAP, SCIM Implementacja oraz rozwój customowych reguł (Rules), workflow i tasków w IIQ Praca z API SailPoint (m.in. SailPointContext) Zapewnienie wysokiej jakości kodu oraz stosowanie dobrych praktyk programistycznych (code review, testy, wzorce projektowe) Współpraca w międzynarodowym środowisku projektowym Udział w działaniach usprawniających procesy, automatyzujących pracę i ograniczających ryzyko operacyjne Terminowe dostarczanie rozwiązań zgodnie z wymaganiami projektowymi Oferujemy: Oferujemy udział w długofalowym projekcie w stabilnym środowisku, możliwość pracy przy rozwoju kluczowej platformy IAM oraz realny wpływ na kształt i jakość wdrażanych rozwiązań.

Nasze wymagania: Bachelor's degree in Computer Science, Information Systems, Cybersecurity or a related technical field, or equivalent practical experience. Certification in Project Management Professional (PMP). 5 years of experience leading cybersecurity/IT programs and initiatives. Mile widziane: Experience in working on government programmes. Experience working in projects and programs relating to the design and build of cybersecurity. Understanding of SOC infrastructure, architecture, and other enabling requirements. Ability to convey results clearly in formal technical reports and deliver briefings. Excellent financial and order management skills. O projekcie: Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. Mandiant's cybersecurity expertise has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience responding to some of the most complex breaches, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone. Zakres obowiązków: Contribute to governance arrangements for the oversight and management of all aspects of delivery. Manage internal project working group meetings, and ensure minutes and an action grid are produced, and that risks are raised to the Mandiant project steering group. Develop a detailed understanding of all project stakeholders, both internal and external. Understand the design, build and operationalization of the client’s cyber security capabilities, determine optimum delivery timelines Mandiant products and services. Coordinate between multiple external and government agencies in the supervision and execution of project activities.

Nasze wymagania: 4–8 years of IT experience, including at least 2 years with CyberArk Hands-on experience with CyberArk PAM solution, including CPM and PSM plugin development Scripting experience (PowerShell, C++, REST APIs, Shell scripting) Knowledge of IAM/IDAM processes and technologies Familiarity with Active Directory, LDAP, databases, and network devices Understanding of technologies such as SSH, RDP, HTML, SSL, Windows, Linux Experience with ticketing tools Strong documentation skills Fluent English (German is an advantage) Strong analytical, communication, and organizational skills Ability to work independently and collaborate with global teams Proactive attitude and problem-solving mindset Bachelor’s or Master’s degree in IT or related field Mile widziane: CyberArk certification O projekcie: In Cyclad we work with top international IT companies in order to boost their potential in delivering outstanding, cutting edge technologies that shape the world of the future. Currently, we are looking for a PAM Engineer (CyberArk). Location: Poland (100% remote) Type of employment: B2B contract Remuneration: 140 - 160 PLN net + VAT on B2B Project languages: English (German is a plus) Zakres obowiązków: Design, implement, and configure Privileged Access Management solutions using CyberArk across Windows, UNIX, databases, applications, and network/security devices Support onboarding of privileged accounts into the CyberArk platform in line with best practices Collaborate with application owners and cross-functional teams to design and implement secure integrations Eliminate hard-coded credentials using CyberArk Access Manager and Credential Providers Develop and manage CyberArk CPM plugins and PSM connectors for custom systems Create automation scripts (PowerShell, Shell, REST APIs, etc.) to support PAM processes Perform testing, validation, and security compliance checks for integrations Provide expert-level support for complex technical issues and changes Ensure proper documentation and handover to operations teams after project completion Oferujemy: Private medical care with dental care (covering 70% of costs). Family package option possible Multisport card (also for an accompanying person) Life insurance Work with talented engineers on large-scale, technically challenging projects

Nasze wymagania: In-depth knowledge of network design and security technologies (firewalls, IDPS, WAF, NAC, DDoS protection, segmentation, etc.). Strong understanding of network security threats and risk management. Excellent communication and interpersonal skills, with experience engaging technical leaders and management. Ability to work collaboratively across boundaries and influence without direct authority. Strong organizational skills and ability to manage multiple tasks in a time-sensitive environment. Mile widziane: Bachelor’s degree in Computer Science, Cybersecurity, or related field. Industry certifications (CISSP, CISM, CCNA, CCIE, etc.). Familiarity with cloud security, scripting (Python, Perl), and security operations tools (SIEM, incident response). Experience with Agile/DevOps methodologies and IT service management principles. O projekcie: As a Lead SME – Network Security Consultancy, you will provide expert consultancy and deliver projects focused on network security controls and initiatives. You’ll apply your deep knowledge of network security products, solutions, and best practices to real-world challenges, helping the organization maintain and enhance its network security posture against evolving threats and risks. Zakres obowiązków: • Provide subject matter expertise on network security controls for business and IT projects. • Identify opportunities to improve network security posture and propose solutions. • Analyze network and cybersecurity data (e.g., system logs) to support decision-making and validate control effectiveness. • Collaborate across teams and build strong stakeholder relationships within Cybersecurity and beyond. • Stay current with industry standards and best practices for enterprise network security. • Ensure compliance with internal controls, regulatory requirements, and cybersecurity standards. Major Challenges • Managing multiple priorities in a complex, global environment. • Driving continuous improvement in network security posture. • Navigating a highly regulated and evolving technology landscape. Note: Detailed project information will be shared during the recruitment process. Oferujemy: Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.) Hybrid work setup – remote days available depending on the client’s arrangements Collaborative team culture – work alongside experienced professionals eager to share knowledge Continuous development – access to training platforms and growth opportunities Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more High quality equipment – laptop and essential software provided

Nasze wymagania: Zaawansowana znajomość systemów operacyjnych Windows i Linux. Duże doświadczenie w zakresie cyberbezpieczeństwa (ochrona przed złośliwym oprogramowaniem, konfiguracja zapór sieciowych, bezpieczeństwo sieci, szyfrowanie, VPN). Znajomość technologii wirtualizacji (VMware, HyperV,). Doświadczenie w koordynacji zespołu lub kierowaniu zespołem technicznym. Wykształcenie wyższe z zakresu informatyki, IT lub pokrewnych dziedzin. Komunikatywna znajomość języka angielskie w mowie i piśmie. Umiejętności twarde: Zaawansowana administracja systemami (Windows i Linux);  Zarządzanie siecią i rozwiązywanie problemów; Zarządzanie cyberbezpieczeństwem; Technologie wirtualizacji • Tworzenie kopii zapasowych i odzyskiwanie danych po awarii  Platformy chmurowe (Microsoft 365, Azure) Umiejętności miękkie: Przywództwo i koordynacja zespołu; Zdolność podejmowania decyzji; Silne myślenie analityczne; Komunikacja i zarządzanie interesariuszami;  Zarządzanie czasem i priorytetami; Odpowiedzialność i odporność Mile widziane: Certyfikaty takie jak CompTIA Security+, Microsoft Azure Administrator, VMware Certified Professional będą dodatkowym atutem. Zakres obowiązków: Instalacja, konfiguracja i konserwacja sprzętu i systemów operacyjnych. Zarządzanie siecią firmową, zaporami sieciowymi, domenami, sieciami VPN i systemami poczty elektronicznej. Nadzór nad procesami tworzenia kopii zapasowych i odzyskiwania danych po awarii. Monitorowanie wydajności infrastruktury i zgodności z przepisami cyberbezpieczeństwa. Koordynacja codziennych działań zespołu (3 osoby) i delegowanie zadań. Bieżąca współpraca z centralnym działem IT. Monitorowanie KPI, nadzór nad SLA i raportowanie do Dyrektora IT. Mentoring członków zespołu i pełnienie funkcji punktu eskalacji w przypadku złożonych incydentów. Oferujemy: Stabilną i ciekawą pracę w dynamicznie rozwijającej się międzynarodowej firmie obecnej na rynku już 70 lat;  Dodatkowe premie (frekwencyjna, wakacyjna, świąteczna) w takiej samej kwocie dla każdego pracownika;  Ruchomą godzinę rozpoczęcia pracy (między 07.30 a 08.30);  Platformę goFluent do nauki języków, aby komunikacja w języku angielskim nie sprawiała Ci problemów😊  Prywatną opiekę zdrowotną w ramach Luxmed dla Ciebie dofinansowaną w pełni przez pracodawcę bądź dla całej rodziny w konkurencyjnej cenie;  Multisport – najtańszy pakiet już od 20 zł miesięcznie;  Grupowe ubezpieczenia na życie w ramach PZU bądź UNUM;  Program Rekomendacji Pracowniczych – zdobądź dodatkową premię za zatrudnienie polecanego przez Ciebie pracownika;  Na terenie zakładu automaty z kanapkami, przekąskami, napojami oraz kawą; 

Nasze wymagania: 6+ years work experience in technology audit and ITGC Testing Working knowledge and experience in python, JSON and SQL Experience in auditing IT cloud operations, network, infrastructure, and security preferably related to Amazon Web Services and Azure Experience in IT security and IT governance risk and compliance Strong understanding of cybersecurity processes and concepts (e.g. vulnerability management, security governance, software development, incident response, physical security, auditing and logging, micro segmentation, secure access service edges, zero trust architecture, PKI, penetration testing) as well as application controls Experience in auditing, compliance, and/or risk FFIEC, GLBA, GDPR and PCI Working knowledge and experience with professional standards including CCM, NIST CSF, COSO and COBIT Excellent listening and communication skills in both written and verbal forms; previous experience in writing internal audit reports, preferred Strong analytical, interpersonal and communication skills Current certifications, such as CISA or CISSP Demonstrate and apply a thorough understanding of complex information systems. Demonstrate and apply strong project management, time management and organizational skills Must possess an understanding of Information Security policies and standards, and have a working knowledge of Business Continuity Programs, electronic banking software and applications, Cloud computing, Cybersecurity Regulatory Framework, and Vendor Management practices Must be proficient using Microsoft Office software Ability to operate independently and perform quality work within the scheduled timeframe. O projekcie: US Bank Europe is seeking a highly motivated Information Technology (IT) Controls Tester to join our Business Line Quality Assurance (BLQA) program. This role is critical to helping the company identify and address compliance, financial, operational, strategic and technology risks in technology processes. The work requires proficiency in the areas of internal ITGC control testing/IT auditing. The role will focus on robust planning and execution of technology control testing. Zakres obowiązków: Independently validate the design and operational effectiveness of IT General Controls and Cloud controls Perform control procedure and documentation reviews including conducting interviews to clarify processes, data flows and architectures Prepare test scripts Perform root cause and impact analysis and provide management with recommendations to resolve issued findings. Advise business partners on IT findings, risks and control weaknesses. Validate findings post remediation Use knowledge of the current IT environment and industry IT trends to help identify and anticipate potential issues that may impact the banks risk landscape Design and assist in building continuous monitoring/reporting to improve efficiency an awareness of control testing activities Provide technical assistance on audit techniques Maintain an understanding of the cybersecurity footprint, platform architecture, cloud infrastructure, data governance and privacy compliance, general computing control structure of the Company (systems and architecture) and be able to apply that knowledge to how it supports the processes and procedures being reviewed Develop and maintain strong and effective working relationships with key business partners Proactively engage and follow up to ensure deliverables are met, and identified gaps have been communicated Oferujemy: This role requires working from a U.S. Bank location three (3) or more days per week.

Nasze wymagania: Experience: Minimum 5 years with middleware technologies (IBM WebSphere, Apache HTTP Server, Oracle WebLogic, etc.) and middleware platform security. Leadership: At least 2 years leading technical teams. Knowledge: Strong understanding of CIS benchmarks, IT risk management, and compliance frameworks. Skills: Excellent stakeholder management, communication, and problem-solving abilities. Mindset: Customer-centric, adaptable, and capable of managing complex dependencies. O projekcie: Are you passionate about cybersecurity and ready to take on a leadership role in a global organization? We are looking for an experienced professional to lead middleware platform security initiatives and help shape the future of secure technology solutions. As the Head of Middleware Platform Security, you will play a critical role in defining and implementing secure configuration baselines for middleware technologies, ensuring compliance, and driving strategic security initiatives across the organization. You will collaborate with stakeholders globally, lead capability development, and manage a small team to deliver sustainable business outcomes. Sounds like your kind of challenge? Zakres obowiązków: Define and maintain secure configuration baselines for middleware software (e.g., IBM WebSphere, Apache Tomcat, Oracle WebLogic, nginx, node.js). Collaborate with technical subject matter experts to implement compliance checks and remediation guidance. Lead capability strategy development in alignment with enterprise architecture and security standards. Drive adoption of new technologies and best practices to enhance security posture. Manage and prioritize capability backlogs, ensuring alignment with business and security objectives. Build strong relationships with internal and external stakeholders, including risk, audit, and regulatory bodies. Oversee risk management, compliance, and audit requirements related to middleware security. Provide visionary leadership, fostering a culture of innovation and continuous improvement. Note: Detailed project information will be shared during the recruitment process. Oferujemy: Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.) Hybrid work setup – 5 days per month in Kraków office Collaborative team culture – work alongside experienced professionals eager to share knowledge Continuous development – access to training platforms and growth opportunities Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more High quality equipment – laptop and essential software provided

Nasze wymagania: Bardzo duże doświadczenie w obszarze cyberbezpieczeństwa; Głęboka wiedza z zakresu analizy zagrożeń w ramach analizy ruchu sieciowego, bezpieczeństwa sieci i systemów; Doświadczenie w projektach o charakterze badawczo-rozwojowym; Umiejętność krytycznej oceny koncepcji technicznych; Autorytet merytoryczny i zdolność do pracy z zespołami eksperckimi. Mile widziane: Doświadczenie w projektowaniu lub ocenie systemów klasy enterprise security; Współpraca z zespołami AI/ML w kontekście cyberbezpieczeństwa; Publikacje, wystąpienia lub udział w projektach innowacyjnych. Zakres obowiązków: Definiowanie koncepcji i kierunków rozwoju rozwiązań cyberbezpieczeństwa; Ocena realności, skuteczności i ryzyk proponowanych podejść; Wsparcie zespołów inżynierskich w rozwiązywaniu złożonych problemów; Analiza trendów, technik ataków i metod obrony; Udział w kluczowych decyzjach architektonicznych i technicznych; Weryfikacja wyników prac prototypowych i eksperymentalnych.