Oferty pracy

Nasze wymagania: Tytuł licencjata lub magistra w dziedzinie automatyki, inżynierii elektrycznej, informatyki przemysłowej lub pokrewnej dziedziny technicznej Dodatkowe certyfikaty w zakresie cyberbezpieczeństwa OT (np. IEC 62443, NIST CSF) są dużym atutem Minimum 3 lata doświadczenia w administracji systemami OT w środowisku produkcyjnym (preferowany przemysł farmaceutyczny) Praktyczne doświadczenie w konfiguracji, utrzymaniu i rozwiązywaniu problemów systemów OT (SCADA, PLC, DCS) Praktyczna znajomość integracji IT/OT, segmentacji sieci i środków cyberbezpieczeństwa będzie dodatkowym atutem Znajomość przemysłowych protokołów komunikacyjnych (Profinet, Ethernet/IP) Wiedza na temat narzędzi i procesów związanych z cyberbezpieczeństwem (CyberArk PAM, przepływy pracy IDM) Umiejętność monitorowania i analizowania zdarzeń związanych z bezpieczeństwem oraz reagowania na incydenty Znajomość zasad GMP, CSV oraz integralności danych będzie dodatkowym atutem Silne umiejętności komunikacji i współpracy w pracy w strukturze macierzowej Umiejętność priorytetyzowania zadań i zarządzania incydentami pod presją Skrupulatność z naciskiem na zgodność i dokładność dokumentacji Biegła znajomość języka polskiego oraz dobra znajomość języka angielskiego (w mowie i piśmie) O projekcie: Specjalista ds. OT zapewnia bezpieczeństwo operacyjne, niezawodność i zgodność lokalnych systemów Technologii Operacyjnej (OT) na terenie zakładu produkcyjnego. Rola ta koncentruje się na utrzymaniu kontroli cyberbezpieczeństwa. Działając jako główny punkt kontaktowy ds. bezpieczeństwa OT w zakładzie, Specjalista ds. OT wdraża korporacyjne standardy i polityki, wspiera reakcję na incydenty oraz zapewnia, że lokalne systemy spełniają wymagania wewnętrzne i regulacyjne. Stanowisko funkcjonuje w strukturze macierzowej, ściśle współpracując ze Starszym Specjalistą ds. OT w centrali oraz zespołami inżynieryjnymi w zakładzie w celu zabezpieczenia ciągłości produkcji i minimalizacji ryzyka cybernetycznego. Zakres obowiązków: Monitorowanie i analizowanie zdarzeń cyberbezpieczeństwa OT oraz reagowanie na incydenty Zarządzanie kontami użytkowników i uprawnieniami dostępu zgodnie z procesami IDM Wprowadzanie zmian w konfiguracji i aktualizacji systemów OT zgodnie z procedurami zarządzania zmianami Zapewnienie kompletności mechanizmów bezpieczeństwa i dokumentacji dla zasobów OT Wsparcie w ocenie podatności i działaniach zaradczych Koordynacja z działem IT i zewnętrznymi dostawcami podczas instalacji, konfiguracji i rozwiązywania problemów Utrzymywanie przygotowania do audytów oraz dokumentacji w zakresie zgodności z cyberbezpieczeństwem Oferujemy: Zatrudnienie w oparciu o umowę o pracę, w nowoczesnej i dynamicznie rozwijającej się firmie farmaceutycznej działającej na rynkach międzynarodowych Prywatną opiekę medyczną Dofinansowanie do karty Multisport Kartę lunchową – 350 zł miesięcznie Ubezpieczenie na życie System kafeteryjny (bilety do kina, teatru, bony na zakupy itp.) Pracowniczy Program Emerytalny - 3,5% płatne przez pracodawcę Pakiet relokacyjny Szkolenia i rozwój kompetencji zawodowych Niezbędne narzędzia pracy Jeden dodatkowy dzień wolny w roku

Nasze wymagania: masz minimum rok doświadczenia na stanowisku związanym z SOC lub cyberbezpieczeństwem  posiadasz doświadczenie w pracy z narzędziami typu SIEM  znasz zagadnienia związane z malware, exploitami, phishingiem oraz innymi typami zagrożeń  umiesz myśleć analitycznie oraz rozwiązywać problemy O projekcie: Praca w Departamencie Bezpieczeństwa w Zespole Wykrywania i Reagowania na Cyberzagrożenia. Zespół świadczy usługi na rzecz Banku BPS oraz Banków Spółdzielczych. Zakres obowiązków: przeprowadzasz wstępną analizę i weryfikację zgłoszeń incydentów bezpieczeństwa  współpracujesz z zespołem L2 oraz zespołem analityków w celu szybkiego rozwiązania incydentów  korelujesz dane z różnych źródeł i narzędzi (SIEM, IDS/IPS, firewalle, AV, DLP, itp.)  rejestrujesz i dokumentujesz alerty i zgłoszenia incydentów bezpieczeństwa w systemach ticketowych  tworzysz raporty z incydentów oraz prowadzisz dokumentacje  pracujesz w trybie zmianowym 24/7  Oferujemy: praca w systemie hybrydowym - 8 dni pracy zdalnej w miesiącu (praca stacjonarna z Centrali BPS przy ul. Grzybowskiej 81 w Warszawie - komfortowy budynek na przeciwko Muzeum Powstania Warszawskiego, w okolicach Ronda I. Daszyńskiego) opiekę medyczną firmy Medicover (bezpłatna dla pracownika, pakiety płatne dla członków rodziny) ubezpieczenie grupowe firmy Ergo Hestia zakładowy fundusz świadczeń socjalnych (pożyczki na preferencyjnych warunkach, wczasy pod gruszą, bonus finansowy z okazji Świąt Bożego Narodzenia) dofinansowanie do okularów w wysokości 600 zł Pracowniczy Program Emerytalny (możliwość przystąpienia po 7 miesiącach od zatrudnienia, odprowadzana składka w wysokości 3,5% wynagrodzenia) dofinansowanie działań rozwojowych dofinansowanie pakietów sportowych PZU Zdrowie bezpłatny dostęp do platformy e-learningowej języków obcych eTutor: angielski, hiszpański, niemiecki, włoski, francuski bezpłatny dostęp do platformy wellbeingowej BPS dbaMy (konsultacje z: psychologiem, psychiatrą, dietetykiem, trenerem personalnym i wiele innych)

Software Engineer II - Security - Admin Experience - AppEx Elastic, the Search AI Company, enables everyone to find the answers they need in real time, using all their data, at scale — unleashing the potential of businesses and people. The Elastic Search AI Platform, used by more than 50% of the Fortune 500, brings together the precision of search and the intelligence of AI to enable everyone to accelerate the results that matter. By taking advantage of all structured and unstructured data — securing and protecting private information more effectively — Elastic’s complete, cloud-based solutions for search, security, and observability help organizations deliver on the promise of AI. What is The Role We are looking for a security-focused Engineer to strengthen Kibana's security posture and build robust platform security features. In this role, you'll be responsible for hardening Kibana against evolving threats, managing security vulnerabilities, and ensuring our application meets the highest security standards for enterprise and government customers. You'll also leverage AI to build innovative security tools that enhance our vulnerability detection, automate security workflows, and accelerate threat response. If you're passionate about web application security and want to make a direct impact on protecting critical infrastructure while pushing the boundaries of AI-powered security, this is the role for you. What You Will Be Doing * Lead security hardening efforts across Kibana's codebase and infrastructure, including content security policy implementation and enforcement * Build AI-powered tools and workflows to enhance security operations, including automated vulnerability detection, intelligent security alert triage, and predictive threat analysis * Manage third-party dependency security through regular audits, vulnerability assessments, and coordinated upgrades * Collaborate with security researchers and respond to vulnerability reports with urgency and thoroughness * Design and implement security controls for authentication, authorization, and auditing features * Work closely with Operations and Engineering teams to ensure security best practices across our hosted and on-premise offerings * Contribute to threat modeling and security architecture decisions for new features * Write secure, maintainable code for both client and server-side components

Nasze wymagania: At least 3 years of experience in threat & vulnerability management or a similar cybersecurity role. Strong knowledge of Application security scanning techniques (SAST, DAST, MAST, FOSS) and related coding review skills. Familiarity with vulnerability databases and metrics such as CVE, CWE, CISA, NVD, CVSS, and Mitre. Practical experience with security scanning tools like Nessus, and familiarity with security controls analysis and process flows. Excellent organizational, analytical, and problem-solving skills, with high attention to detail. Strong interpersonal skills, capable of building effective relationships with global stakeholders. Proactive, independent, and collaborative mindset with a flexible approach to shifting priorities. Proven ability to deliver high-quality work under tight deadlines. Fluent English – excellent command necessary for collaboration and reporting. Mile widziane: Certifications such as CISSP, CEH, or relevant vulnerability management credentials. Experience working within financial or highly regulated industries. O projekcie: As a Senior Vulnerability Management Specialist – Cybersecurity, you will be working for a leading international bank, within the Business Area IT – Cybersecurity. You will play a pivotal role in safeguarding our digital assets by leading vulnerability assessments and managing security risks across global systems. Join us to be part of a forward-thinking team driving innovative cybersecurity strategies in a dynamic financial environment. Empower secure digital futures — lead the charge in vulnerability management excellence! Krakow-based opportunity with hybrid work model (up to 3 days remote per week). Only candidates with an existing legal right to work in Europe will be considered for this role. Zakres obowiązków: Develop and enhance operational models to streamline vulnerability management workflows and support continuous improvement initiatives. Conduct real-time security assessments using advanced scanning and code review techniques, ensuring high standards for threat detection and response. Oversee and refine vulnerability review processes, including false positive management and criticality assessments, ensuring accurate documentation for audit purposes. Collaborate with cross-functional teams including Threat Intelligence, Incident Response, and Cloud Security to implement effective remediation activities. Contribute to regulatory and audit responses, providing expert guidance and detailed security assessments to internal and external stakeholders. Support ad hoc cybersecurity operational activities, escalating issues as necessary, and working within a global team to prioritize and meet deliverables. Maintain expertise on scanning technologies such as Nessus, SAST, DAST, FOSS, and related security tools; and stay updated on emerging threats and industry best practices. Oferujemy: Stable and long-term cooperation with very good conditions. Enhance your skills and develop your expertise in the financial industry. Work on the most strategic projects available in the market. Define your career roadmap and develop yourself in the best and fastest possible way by delivering strategic projects for different clients of ITDS over several years. Participate in Social Events, training, and work in an international environment. Access to attractive Medical Package. Access to Multisport Program. Access to Pluralsight. Flexible hours & remote work.

Nasze wymagania: Minimum of 5 years’ experience in cybersecurity or technical roles within regulated sectors like finance. Proficiency in threat modelling and deep understanding of the MITRE ATT&CK framework. Extensive experience in cybersecurity operations encompassing threat detection, incident response, and vulnerability management. Strong analytical and problem-solving skills, with the ability to think adversarially. Excellent communication and collaboration skills across cross-functional teams. In-depth knowledge of cyber threat intelligence application. Proficiency with cybersecurity tools such as IDS/IPS, SIEMs like Splunk or Microsoft Sentinel, EDR, firewalls, and Proxies. Technical knowledge of network protocols (TCP, UDP, DNS, HTTP, etc.), enterprise infrastructure (Windows, Linux), and cloud security platforms (AWS, Azure, GCP) is a plus. Language required for the role: Fluent English Mile widziane: Industry-recognized cybersecurity certifications such as CISSP, GSEC, GCIH, CEH, or equivalent. Experience with log management and security analytics tools. Knowledge of cloud platform security tooling. O projekcie: As a Senior Threat Modeling and Cybersecurity Operations Specialist, you will be working for our client within a top-tier global bank’s cybersecurity division. You will contribute to securing critical technology infrastructure, developing threat models, and integrating advanced frameworks like MITRE ATT&CK to proactively defend against evolving cyber threats. Join a team dedicated to maintaining premier cybersecurity standards and evolving with innovative security practices. Unleash innovation in cybersecurity — shape the next frontier of defense! Krakow-based opportunity with hybrid work model (up to 3 remote days per week). Only candidates with an existing legal right to work in the European Union will be considered for this role. Zakres obowiązków: Develop and implement threat models to identify vulnerabilities and attack paths within organizational systems. Employ the MITRE ATT&CK framework to understand adversary tactics, techniques, and procedures (TTPs). Collaborate with Cybersecurity Operations teams to embed threat modelling insights into daily operations and strategic planning. Conduct security posture assessments and recommend improvements based on threat intelligence and framework analysis. Lead the development of sophisticated search capabilities and advanced analysis techniques to detect complex threats and insider activities. Engage with internal and external stakeholders to leverage threat intelligence and enhance detection capabilities. Oferujemy: Stable and long-term cooperation with very good conditions. Enhance your skills and develop your expertise in the financial industry. Work on the most strategic projects available in the market. Define your career roadmap and develop yourself in the best and fastest possible way by delivering strategic projects for different clients of ITDS over several years. Participate in Social Events, training, and work in an international environment. Access to attractive Medical Package. Access to Multisport Program. Access to Pluralsight. Flexible hours & remote work.

Nasze wymagania: 5+ lat doświadczenia w Threat Intelligence, Threat Hunting lub Incident Response. Doświadczenie w prowadzeniu dochodzeń i analiz proaktywnych w środowiskach enterprise. Bardzo dobra znajomość EDR oraz SIEM / narzędzi analityki logów. Silne zrozumienie: exploitacji podatności, exposure management, attack path analysis. Głęboka wiedza o tradecrafcie przeciwników i współczesnych technikach ataku. Umiejętność pracy samodzielnej, szybkiego podejmowania decyzji i działania pod presją. Język angielski na poziomie umożliwiającym swobodną komunikację Zakres obowiązków: Prowadzenie proaktywnego threat huntingu, threat intelligence oraz aktywności Incident Response. Realizacja hipotezowych polowań w oparciu o telemetry endpointów, tożsamości, chmury i sieci. Szybka analiza, triage i reakcja na incydenty o wysokim priorytecie. Analiza zachowań przeciwników (TTP) w oparciu o MITRE ATT&CK i bieżące kampanie. Ścisła współpraca z Vulnerability Management przy priorytetyzacji podatności oraz ocenie ryzyka na podstawie TI i ekspozycji. Identyfikowanie ścieżek ataku, błędnych konfiguracji i powiązanych słabości w środowisku. Przekładanie ustaleń TI/TH/IR na konkretne rekomendacje detekcyjne i responsowe. Współpraca z SOC, Privacy, Legal, Compliance, IT, CrowdStrike oraz biznesem w ramach dochodzeń. Tworzenie klarownych raportów i briefów dla leadershipu (przed i po incydentach). Oferujemy: Umowa B2B via Michael Page Praca hybrydowa z biura w centrum Warszawy (3 dni pracy z biura) Praca w godiznach 9:00-17:00/8:00-16:00

Nasze wymagania: Architecture Engineering Background preferred Experienced lead of technical and analytical teams and SMEs Experienced in budget and cost assessment of IT resources and solutions (people, IT development and run costs) Experienced advisor to tech leaders and in guiding critical decision-making processes Experienced in IT resilience and recovery (application resiliency requirements, DORA, fault tolerance, recovery processes, including failover and restore from backup) Good understanding of IT dependencies (infrastructure and application dependencies) Knowledge of financial/banking sector in relation to its IT-landscape Analytical and technical mindset to guide IT analyses at applications/platform levels Good infrastructure understanding to ensure alignment between technology platforms Good understanding of risk related issues, audit findings, and regulations, and their impact on IT-landscape Hybrid model: 2-3 days onsite per week Office locations: Gdynia, Gdansk or Warsaw Zakres obowiązków: Lead resiliency requirements workstream Support Testing Framework work from failover and restore testing Advisory to senior leadership on Technology capabilities and approach on application uplift, restore from backup testing and dependency mapping Tech and management advice on GAO, GIA findings Tech ad-hoc request BCCM leadership Tech Support/Advisory support to PM Leads for 2.4, 2.7, and 2.8 Target alignment between 2.4 and 2.7, including platform approach perspective (infra dependencies) Support on technology SME knowledge for transition to BAU support of ws2.7 Drive WS2 overall technical challenges and align with tech organization stakeholders Oferujemy: • Life insurance • Private healthcare • MultiSport Card • Clear career path in a growing multinational organization

Nasze wymagania: 5+ years of hands-on experience with Linux, preferably with a focus on information security, endpoint security, and antimalware solutions. Strong background in Ansible Automation Engine and scripting languages.Experience automating security tasks using Python, Perl, or similar languages. Familiarity with endpoint protection tools such as CrowdStrike or similar.Exposure to cloud infrastructure and tools: AWS, Azure, GIT, Ansible, Puppet, Jenkins. Proven experience as both an individual contributor and a lead in implementing and managing endpoint/antimalware security solutions. Strong understanding of current security risks, vulnerabilities, and mitigation strategies. Knowledge of security best practices, common controls, and security products. Broad understanding of network, operating system, and application security fundamentals. O projekcie: Join a global Cybersecurity team and build solutions that protect the organization against an ever-changing threat landscape! We are looking for a Senior Security Engineer (Endpoint Security – Linux) to join our Global Cybersecurity Core Engineering team. This team is responsible for identifying, developing, and deploying global cybersecurity controls across the organization, leveraging assets, networks, and data to detect and mitigate threats. In this role, you will work closely with IT Infrastructure Delivery (ITID) teams and ensure the secure deployment of security technologies across the enterprise. Sounds like your kind of challenge? Zakres obowiązków: Collaborate with Linux management teams, Cybersecurity, and other IT teams to develop solutions that protect the organization. Design and implement service offerings, capability enhancements, and process improvements to address evolving threats. Provide thought leadership and subject matter expertise on Cybersecurity, Endpoint Security, and Antimalware solutions. Review and document the current technology baseline, define target architecture, and perform gap analysis. Re-engineer processes using new technologies to improve performance and security posture. Deliver centralized, global cybersecurity services to reduce costs and improve efficiency. Implement and maintain an effective engagement model across regions, global businesses, and functions. Note: Detailed project information will be shared during the recruitment process. Oferujemy: Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.) Hybrid work setup – 5 days per month in Kraków office Collaborative team culture – work alongside experienced professionals eager to share knowledge Continuous development – access to training platforms and growth opportunities Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more High quality equipment – laptop and essential software provided

Nasze wymagania: 5+ years of experience in a Security Operations Center (SOC) or similar role with hands-on experience with SIEM tools (e.g., Sentinel, QRadar, ArcSight). Proficient in Python for automation and scripting. Strong understanding of Incident Response processes and methodologies and experience with MITRE ATT&CK framework to map and analyse threats. Knowledge of Endpoint Detection and Response (EDR) platforms (e.g., CrowdStrike, Carbon Black, SentinelOne). Familiarity with threat hunting techniques and processes. Certifications such as GSEC, CISSP, OSCP, MaD are preferred. O projekcie: As a Senior SOC Engineer you will be responsible for monitoring, analysing and responding to security threats, using tools like SIEM and EDR platforms. You’ll lead the team in incident detection and response efforts, ensuring swift containment and recovery. Your role involves automating security workflows using Python to enhance efficiency and leveraging the MITRE ATT&CK framework to map and analyse threats and create a staged visualization of the relevant attacks that potentially will materialize. You will play a vital role as we reimagine the labour market to make it work for everybody. Zakres obowiązków: Analyse security data from diverse sources, including logs, EDR solutions, and network traffic, to identify and assess threats. Coordinate and lead security incident response efforts, including containment, eradication, and recovery. Develop and implement automation scripts and playbooks using Python to streamline incident detection, response, and reporting processes. Automate security alert triage, enrichment, and remediation workflows to reduce response time and improve efficiency. Use the MITRE ATT&CK framework to classify attack vectors, understand adversary behaviour, and enhance detection capabilities. Map security incidents and alerts to the MITRE ATT&CK tactics, techniques, and procedures (TTPs) for comprehensive analysis. Manage and configure EDR platforms for real-time endpoint monitoring and protection. Oferujemy: Premium medical and dental care Life insurance Flex Benefits - Worksmile Cafeteria System (Multisport, vouchers, tickets etc.) Employee Referral Program Hackathons, Knowledge Sharing Hours, In-house projects Tech and sport communities Events and integration parties Charity initiatives, 2 extra volunteer days English/German classes Game room and chillout zone

Nasze wymagania: Proven experience in penetration testing or purple teaming. Strong knowledge of: Exploit development TTP review and execution Vulnerability identification and exploitation Malware packing, obfuscation, persistence, and exfiltration techniques Bypassing security controls (DLP, Endpoint Protection, Firewalls, IDS/IPS, Web Proxies) Experience in tooling, automation, and prototyping. Familiarity with source code review. Excellent communication and stakeholder engagement skills. Strong teamwork and ability to work in a global environment. Fluent English (written and spoken). Education: Degree-level education or equivalent experience (desirable). Mile widziane: Certifications: Relevant cybersecurity certifications are a plus. O projekcie: We are looking for a Senior Purple Teamer to join our newly established Purple Team within the Cybersecurity Research and Offensive Security (CROS) function. This is an exciting opportunity to work in a dynamic, innovative environment where you will simulate real-world attacks, perform collaborative purple team testing, and develop cutting-edge techniques to identify vulnerabilities across people, processes, and technology. The Purple Team focuses on Continuous Purple Teaming, large-scale collaborative testing, and replaying attack paths used during Attack Simulations or Regulatory Threat-Led Penetration Tests (TLPTs). You will work closely with Red Team, Threat Intelligence, and Security Research teams to design and execute advanced Tactics, Techniques, and Procedures (TTPs). Sounds like your kind of challenge? Zakres obowiązków: Deliver purple team exercises across services to ensure robust security controls. Research, prepare, and execute TTPs based on real-world threat intelligence. Collaborate with Red Team and other cybersecurity functions to enhance resilience. Stay ahead of emerging threats and continuously innovate security testing approaches. Provide subject matter expertise and guidance to stakeholders across global businesses and functions. Engage with specialist technology teams, including Cybersecurity Technology, Operations, and Security Architecture. Ensure adherence to operational controls, compliance standards, and internal policies. Note: Detailed project information will be shared during the recruitment process. Oferujemy: Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.) Hybrid work setup – 6 days per month in the office (Kraków) Collaborative team culture – work alongside experienced professionals eager to share knowledge Continuous development – access to training platforms and growth opportunities Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more High quality equipment – laptop and essential software provided

Nasze wymagania: 4+ years of experience in cybersecurity, specifically within network security and access control domains. Deep understanding of network access control technologies, security threats, and risk management. Strong knowledge of network design, firewall configurations, load balancing, and segmentation techniques. Excellent communication skills, capable of engaging technical and non-technical audiences. Proven experience guiding teams and supporting organizational cybersecurity maturity. Proficiency in Office applications (Excel, Word, PowerPoint). Mile widziane: Bachelor’s degree in Computer Science, Engineering, or Cybersecurity. Industry certifications such as CISSP, CISM, CCNA, or CCIE. Scripting skills in Python, Perl, or similar languages. Familiarity with cloud security concepts and security operations tools (SIEM, incident response platforms). O projekcie: As a Senior Principal Cybersecurity SME – Network Access Control, you will be working for our client, a global leader in financial services, dedicated to safeguarding digital assets and advancing innovative security solutions. In this role, you'll shape and drive strategic initiatives to enhance network security controls, safeguarding the organization against evolving threats and risks. This opportunity offers a platform for leadership, innovation, and career growth in a dynamic, regulated environment. Unleash the Power of Cybersecurity — Lead the Future of Network Access Control! Krakow-based opportunity with hybrid work model. Only candidates with an existing legal right to work in the European Union will be considered for this role. Zakres obowiązków: Lead the delivery of subject matter expertise in Network Access Control, providing strategic guidance and technical consultancy to internal stakeholders. Review and advise on business and IT projects to ensure network security controls are aligned with best practices and organizational standards. Identify, evaluate, and mitigate network security risks, proposing innovative solutions to enhance the organization’s security posture. Collaborate with cross-functional teams and communicate complex technical concepts effectively across management levels. Analyze security data, logs, and network telemetry to support decision-making and demonstrate control effectiveness. Coach and mentor junior team members, sharing expertise and facilitating their professional development. Lead complex projects and engagements, ensuring timely and high-quality delivery in a fast-paced environment. Maintain awareness of industry best practices and evolving security threats to continuously improve security strategies. Oferujemy: Stable and long-term cooperation with very good conditions Enhance your skills and develop your expertise in the financial industry Work on the most strategic projects available in the market Define your career roadmap and develop yourself in the best and fastest possible way by delivering strategic projects for different clients of ITDS over several years Participate in Social Events, training, and work in an international environment Access to attractive Medical Package Access to Multisport Program Access to Pluralsight Flexible hours

Nasze wymagania: At least 4 years of demonstrable experience in penetration testing, with a strong technical background. Solid understanding of platform security models for iOS and Android. Expertise in mobile application security risks, web vulnerabilities, and infrastructure assessment. Hands-on experience with manual and automated security testing tools and methodologies. Programming/scripting skills in relevant languages (e.g., Java, Kotlin, Objective C, Swift). Strong TCP/IP knowledge and understanding of security implications. Fluent in English, with excellent communication skills suitable for technical and non-technical audiences. Ability to work independently or lead small teams of penetration testers. Mile widziane: Relevant security certifications (e.g., OSCP, CISSP). Experience with security testing frameworks such as OWASP MASVS and MSTG. Knowledge of cloud-hosted applications and services. Experience with secure software development lifecycle and reverse engineering. O projekcie: As a Senior Penetration Tester – Cybersecurity & Offensive Security, you will be working for our client, a global leader in cybersecurity research and offensive security. You will play a critical role in safeguarding financial institutions by proactively identifying vulnerabilities, testing defenses, and driving security innovation across diverse technologies. This position offers a unique chance to impact security leadership and advance your career in a forward-thinking environment. Unleash the Future of Cybersecurity — Lead the Charge in Penetration Testing! Krakow-based opportunity with hybrid work model (up to 3 days remote per week). Only candidates with an existing legal right to work in the European Union will be considered for this role. Zakres obowiązków: Lead and perform sophisticated penetration testing activities on custom mobile applications, infrastructure, web services, and APIs, including manual assessments and source code reviews. Document root causes and risk analyses of vulnerabilities clearly and professionally. Follow and improve security testing processes, raising gaps and opportunities for enhancing testing methodologies. Collaborate with DevOps teams to automate testing tasks and integrate security controls into CI/CD pipelines. Develop a deep understanding of business functionalities to tailor testing approaches to specific risks. Demonstrate and code proof-of-concept exploits when needed to validate vulnerabilities. Coordinate security testing projects, including creating test plans, cases, and reports. Advise on vulnerability remediation, control implementation, and secure development practices. Assess release risks and identify misuse scenarios based on business requirements. Track, remediate, and document security vulnerabilities and support risk acceptance procedures. Ensure compliance with security policies and regulatory standards. Evaluate new security testing technologies and keep abreast of industry research. Mentor junior team members and contribute to process improvements. Oferujemy: Stable and long-term cooperation with very good conditions Enhance your skills and develop your expertise in the financial industry Work on the most strategic projects available in the market Define your career roadmap and develop yourself in the best and fastest possible way by delivering strategic projects for different clients of ITDS over several years Participate in Social Events, training, and work in an international environment Access to attractive Medical Package Access to Multisport Program Access to Pluralsight Flexible hours

Nasze wymagania: Minimum 3 years of hands-on penetration testing experience. Expertise in at least one penetration testing domain (infrastructure, applications, or mobile). Strong understanding of iOS and Android security models and common vulnerabilities in mobile and financial applications. Practical experience with infrastructure, web, and mobile penetration testing using manual and automated methods. Excellent knowledge of TCP/IP and related security implications. Strong web application testing experience. Proven programming/scripting skills. Understanding of applied cryptography in application development. Ability to explain security concepts to both technical and non-technical audiences. Excellent English communication skills (written and verbal). No mandatory certifications, but relevant industry certifications are a plus. Critical thinking and problem-solving abilities. Ability to work independently and manage time effectively. Entrepreneurial mindset and adaptability in loosely defined scenarios. O projekcie: Are you passionate about uncovering vulnerabilities and making systems more secure? Join us as a Senior Penetration Tester! As a Senior Penetration Tester, you will provide subject matter expertise in penetration testing to support global cybersecurity initiatives. You will lead and perform penetration tests across a wide range of technologies, identify vulnerabilities, and clearly articulate risks to the business. This role involves working within virtual teams of security and technical specialists, mentoring junior team members, and contributing to the continuous improvement of cybersecurity services and processes. Sounds like your kind of challenge? Zakres obowiązków: Design, lead, and execute penetration tests across various technologies. Perform manual penetration testing, source code reviews, and configuration assessments for mobile apps, infrastructure, networks, web services, and APIs. Document findings with clear root cause and risk analysis. Represent the cybersecurity function as a technical SME in internal and external discussions. Collaborate with stakeholders to enhance cybersecurity strategy and ensure compliance with internal and external requirements. Mentor and guide less experienced team members. Continuously improve testing processes and remove inefficiencies in line with the cybersecurity strategy. Note: Detailed project information will be shared during the recruitment process. Oferujemy: Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.) Hybrid work setup – remote days available depending on the client’s arrangements Collaborative team culture – work alongside experienced professionals eager to share knowledge Continuous development – access to training platforms and growth opportunities Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more High quality equipment – laptop and essential software provided

O projekcie: About Spyrosoft Spyrosoft is an authentic, cutting-edge software engineering company, established in 2016. In 2021 and 2022, we were among the fastest growing technology companies in Europe, according to the Financial Times. We were founded by a group of tech experts with established backgrounds in software engineering, who created an ‘engineer-to-engineer’ workplace, powered by enthusiasm, fairness and authentic relationships. Having a unique offering, which bridge the gap between technology and business, we specialise in technology solutions for industry 4.0, automotive, geospatial, healthcare & life sciences, employee experience & education and financial services industries. Founded in 2016Co-workers 1800+Turnover 104M Wymagania: - Experience in the various industries such as Aerospace, automotive, Industry Control Sytems, Medical, DO-178C, ISO 26262, IEC 61508 as well as embedded software development and it's practical application in embedded systems development. - Familiar with safety analyses as FTA, FMEA, FMEDA and HAZOP - Experience with electronics/ systems/ software design and development of embedded systems. - Knowledge about development processes and quality management. - Self-motivated and self-dependent and confident, and you are open to take responsibility. - Solution oriented and keep track of your targets even in critical situations. - Good intercultural and communication skills, ready to represent our company in front of customers - Understanding and experience of tools and methods allocated for the role. - Fluent in English and optionally German, both written and spoken. - Polish - Fluent/Native - Willingness to go through the mandatory personal security clearance verification procedure or having personal security clearance up to level NATO Secret/Tajne - Willingness to go through mandatory checks required to be admitted to work with defense-related technologies. - Willingness to work predominantly from Spyrosoft's Wrocław office. The candidate will be required to undergo personal security clearance and procedures for admission to work with defence-related technologies (Koncesja MSWiA). Additional Advantages - Experience in working with public administration, defence, and/or security industry - Knowledge of NATO/STANAG standards Codzienne zadania: - Support our projects in the role of functional safety engineer for initial concept development, software products and project setup for R&D or customer projects. - Create, maintain and refine all artifacts around functional safety, e.g. DIA, safety plans, safety requirements, technical safety concepts, technical architectures, requirements for hardware and software. - Definition of the safety functions (specialty: function development) - Perform safety analyses, e.g. FTA, HAZOP, and support the development of suitable architectures. - Present and defend safety concept and process to customers and auditors - Define safety requirements on all levels of development (concept, system, hw, sw, manufacturing etc..) - Implement and maintain a functional safety process and support the definition and improvement of processes, methods and tools for functional safety. - Provide technical leadership for Safety Standards and Safety Analyses, including checking and approving analyses performed by others. - Manage and perform tool and software classification and qualification. - Prepare and support safety assessments and audits for safety relevant projects. - Support execution of safety related tests (e.g. Fault Injection Tests) - Assist in the development of new system features, components and diagnostic algorithms that will improve the safety or reliability of the system or improve the coverage of the built-in protection systems. - Proactively engage project teams ensuring safety is appropriately comprehended in product development process. - Actively support all projects with analysis and expert advice

Nasze wymagania: Ansible lub inne narzędzia do automatyzacji/Infrastructure as code, Kubernetes, Proxmox/KVM, nginx, HAProxy, MySQL/Percona XtraDB Cluster, RabbitMQ, Redis, Zabbix, IPSec, BIND, Bash, GitLab CI/CD, Doświadczenie z chmurami publicznymi (preferowany AWS), Zagadnienia bezpieczeństwa aplikacji webowych, OWASP, SAST, SCA, DAST/IAST, Runtime security. Mile widziane: Doświadczenie programistyczne (języki interpretowane, np. PHP, Python), Doświadczenie w SOC (Security Operations Center), Przeprowadzanie testów penetracyjnych, GitOps, WAF, Praca z narzędziami GRC, modelowania zagrożeń, lub analiza ryzyka, Plany Disaster Recovery. Zakres obowiązków: Administrowanie, rozwój oraz monitorowanie infrastruktury IT (Linux). Udział w procesie rozwoju oprogramowania od pomysłu do end-of-life. Wdrażanie podejścia "shift left", wsparcie zespołów programistów i QA. Bezpośrednia praca z CTO nad programem bezpieczeństwa (Information Security Program). Tworzenie dokumentacji. Oferujemy: Pracę zdalną w pełnym wymiarze godzin. Pracę przy rozwoju innowacyjnych projektów dla branży ubezpieczeniowej. Pracę w dynamicznym, młodym zespole (ok. 20 osób). Zależy Ci na jakimś beneficie? Daj nam znać.

O projekcie: Project description: We're looking for a Senior Cybersecurity Engineer with a strong background in designing, implementing, and validating security mechanisms across diverse systems and environments. The ideal candidate will have deep expertise in cybersecurity engineering principles, secure architecture, risk assessment, and vulnerability management, supported by strong analytical and problem‑solving skills. Experience with embedded systems security is highly desirable and considered a significant advantage. This role requires excellent communication skills to translate complex technical risks into clear, actionable recommendations for engineering teams and stakeholders. Tech stack: - Secure boot, firmware security, OTA - Cryptography (AES, RSA, ECC) & hardware security (TPM, HSM, TrustZone) - Embedded interfaces & protocols: CAN, LIN, Modbus, BLE, Wi-Fi, TCP/IP, NFC - Hardware interfaces: JTAG, UART, SPI, I²C - Cloud IoT platforms & secure communication: AWS/Azure/GCP IoT, TLS/DTLS, MQTT(S), SSH, TLS, IPSEC - Secure code review (C/C++, Rust, Python) & DevSecOps / CI/CD security Wymagania: - Proven experience in designing security solutions for embedded systems, IoT devices, and cloud-connected architectures - Strong background in identifying, exploiting, and documenting security weaknesses across a broad range of environments - Deep understanding of embedded security attack vectors: side-channel attacks, fault injection, firmware tampering, replay attacks, MITM Experience with vulnerability scanning, fuzzing, exploit development, and hardware-level security assessment - Solid knowledge of secure communication protocols, cryptography, secure mechanisms used in embedded, secure firmware design, cybersecurity testing - Ability to translate complex technical findings into clear, actionable recommendations for both technical and non-technical stakeholders - Familiarity with risk assessment frameworks such as ISO 21434, IEC 62443, ISO 27005, IEC 81001-5-1, UL 2900, DO‑326A - Understanding of data protection requirements (GDPR / HIPAA) in cloud-integrated IoT ecosystems - Experience with secure SDLC, DevSecOps, and CI/CD security practices - Strong analytical, problem-solving, and communication skills - Relevant certifications is must, such as OSCE, OSCP, GPEN, CompTIA PenTest+ - Polish - Fluent/Native - Willingness to go through the mandatory personal security clearance verification procedure or having personal security clearance up to level NATO Secret/Tajne - Willingness to go through mandatory checks required to be admitted to work with defense-related technologies. - Willingness to work predominantly from Spyrosoft's Wrocław office. The candidate will be required to undergo personal security clearance and procedures for admission to work with defence-related technologies (Koncesja MSWiA). Additional Advantages - Experience in working with public administration, defence, and/or security industry - Knowledge of NATO/STANAG standards

Nasze wymagania: At least 5 years of experience in cybersecurity, full stack engineering, or related fields Proficiency in Python scripting and web programming Experience working within cybersecurity, development, or operations environments Knowledge of Data, Network, and Endpoint security domains Strong understanding of software architecture, design, and development Full stack programming skills, including front-end/UI development (e.g., HTML, CSS, JS) and supporting tools like Figma, Wireframing Hands-on experience with CI/CD pipelines, DevOps, and agile methodologies Expertise in API design standards (Swagger, OpenAPI 3.0), REST, SOAP, JSON, and microservices architecture Familiarity with authentication and authorization mechanisms Experience with databases such as MSSQL, PostgreSQL, or MongoDB (desirable) Working knowledge of Windows/Linux/UNIX environments Excellent communication skills in English, both spoken and written A flexible, adaptable approach to change, and a proactive teamwork mindset Mile widziane: Additional certifications related to cybersecurity or DevOps Experience with system and application administration O projekcie: As a Senior Cybersecurity Automation & Integration Engineer – Full Stack & DevOps, you will be working for our client, a leading financial institution investing heavily in cybersecurity. You will be part of a dynamic, cross-disciplinary team responsible for delivering automation and integration solutions focused on product integration, data handling, and user interfaces. This is your chance to contribute to cutting-edge security initiatives while advancing your career in a forward-thinking environment. Unleash innovation in cybersecurity — drive automation and integration that shape the future! Krakow-based opportunity with hybrid work model Only candidates with an existing legal right to work in Europe will be considered for this role Zakres obowiązków: Collaborate within a team to perform sustainable continuous improvements, addressing organizational barriers that impact processes and products Work closely with stakeholders, product SMEs, and project managers to identify, plan, and deliver innovative engineering solutions Maintain an agile mindset, following best practices such as Lean, JIRA, and other Bank tools to support efficient delivery in new engineering pods Understand and implement the Cybersecurity strategy aligned with product management directions Design, develop, and automate end-to-end infrastructure solutions for web and application platforms, including on-premises and container-based environments Investigate, troubleshoot, and resolve technical issues across various environments: DEV, UAT, Production, and Contingency Support technical development within the team, including mentoring and knowledge sharing Ensure compliance with technology controls, processes, and standards, actively managing progress, dependencies, and risks Oferujemy: Stable and long-term cooperation with very good conditions Enhance your skills and develop your expertise in the financial industry Work on the most strategic projects available in the market Define your career roadmap and develop yourself in the best and fastest possible way by delivering strategic projects for different clients of ITDS over several years Participate in Social Events, training, and work in an international environment Access to attractive Medical Package Access to Multisport Program Access to Pluralsight Flexible hours & remote work

Nasze wymagania: At least 5 years of experience in cybersecurity areas such as networks, applications, incident response, 3rd‑party management, and operational processes Experience in at least one business area (e.g., manufacturing, finance, e‑commerce, HR, legal, supply chain, sales) Basic understanding of cloud security (Azure / AWS) and common risks Ability to work under pressure and make clear decisions Strong business communication skills and the ability to explain technical topics in simple terms General understanding of IT systems and secure practices Awareness of key cyber processes and risk principles Experience coordinating security‑related actions or projects Fluency in English Residing in Poland required O projekcie: We are looking for a Senior Cyber Security Consultant to support cyber resilience activities in a large, global company from the FMCG sector. In this role, you will guide local teams, coordinate security actions, and make sure key cyber processes run smoothly. It’s a good fit if you like a mix of analysis, coordination, and communication. Zakres obowiązków: Be the main contact point for cybersecurity topics in the region Monitor security issues and report risks Coordinate security remediation plans for systems, applications, and infrastructure Keep asset information up to date in internal tools Support maintaining the application inventory Track and deliver agreed cyber KPIs Manage risk assessments for regional projects Work with IT teams to ensure secure processes and good practices Report progress to stakeholders and provide regular updates Oferujemy: Great Place to Work since 2015 - it’s thanks to feedback from our workers that we get this special title and constantly implement new ideas Employment stability - revenue of PLN 2.1BN, no debts, since 2006 on the market We share the profit with Workers - over PLN 76M has already been allocated for this aim since 2022 Attractive benefits package - private healthcare, benefits cafeteria platform, car discounts and more Comfortable workplace – class A offices or remote work Dozens of fascinating projects for prestigious brands from all over the world – you can change them thanks to Job Changer application PLN 1 000 000 per year for your ideas - with this amount, we support the passions and voluntary actions of our workers Investment in your growth – meetups, webinars, training platform and technology blog – you choose Fantastic atmosphere created by all Sii Power People

Our client is a rapidly growing company specializing in cybersecurity, providing comprehensive data and IT system protection solutions. With advanced services such as penetration testing, security audits, compliance audits, and specialized services in Network Access Control, this company ensures the highest level of operational security and compliance with legal regulations for its clients. As a leading expert in cybersecurity in Central Europe, our client focuses on technological innovations, education, and awareness in IT, offering training and support for businesses and government institutions. Through its R&D Lab team, the company conducts research on new technologies, creating tools for penetration tests and designing secure communication channels. The company is open to collaboration with experienced cybersecurity professionals, offering the opportunity to work on groundbreaking projects and have a real impact on raising security standards in the digital world. If you are passionate about cybersecurity, join the team of industry leaders and develop your skills in an environment of experts. Security Researcher (hardware and software) We offer: - Attractive remuneration (b2b or contract of mandate) - Real opportunity for professional development - Participation in interesting and unique projects Responsibilities: - Reverse engineering software and hardware - Manufacturing own electronic tools Requirements: - Ability to quickly learn new tools and technologies - Experience in software reverse engineering, including: - working with tools like Ghidra or IDA Pro - Debugging using GDB, WinDbg, x64dbg - Knowledge of x86-64 architecture - Proficiency in low-level programming languages (C, C++, Rust) - Ability to write scripts in Python - Familiarity with containerization technologies (Docker) - Experience working with version control system Git - Understanding of networking concepts and protocols (IP, TCP, UDP, HTTP) and tools like Wireshark and tcpdump - English language proficiency for reading documentation - Polish citizenship Additional advantages: - Experience with SDR devices - Knowledge of industrial automation systems (PLC) - Experience in fuzzing and binary exploitation - Working with drones (FPV, DJI) - Experience in designing and manufacturing electronics (PCB, soldering) - Knowledge of the Android ecosystem and reverse engineering of mobile applications - Understanding of Linux or Windows system architecture and mechanisms - Experience with CAD tools (e.g., Fusion 360, OpenSCAD) - Knowledge of embedded systems (RTOS) - Familiarity with the Nix/NixOS ecosystem - Security clearance - Knowledge of operational security techniques - You will fit perfectly into our team if: - You participate in CTF competitions - You subscribe to YouTube channels such as: technology connections, phil's lab, asianometry, styropyro, not an engineer, project farm, level1techs, Ben Eater, Joshua Bardwell, EEV Blog - You have a homelab - You frequently order electronics from Aliexpress - You use a 3D printer - You want to have a memeboard (we will show you on the spot) - You are fascinated by the Impuls train locks - You are familiar with undocumented CVEs

Nasze wymagania: Experienced in similar position (IT Security and Cyber Security), ideally in SOC/CSIRT Mastered knowledge of UNIX & MAC environments, common network protocols, Microsoft environment and SIM3 / ITIL SIEM tools High analytical skills and mindset Ability to establish and activate people networking Ability to collaborate with the team, coordinate a meeting, seminar, committee, training, Great communication skills (oral and writing) in English University education is a must: Master’s degree in IT and related area O projekcie: BNP Paribas, the leading bank in the European Union and a leading international player, is seeking to reinforce its existing teams in the areas of IT risk management, cybersecurity, and the fight against digital fraud. The evolving Cyberthreats landscape increases the security risk of financial sector, that leads BNP Paribas to strengthen its Cybersecurity maturity, IT risk management and Operation Resilience. As a SOC/CSIRT (Computer Security Incident Response Team) analyst, you will be part of the CIB IT Hub Cybersecurity department in Poland. You will play a key role to develop Poland platform, ensuring core Cybersecurity, IT Risk and Operational Resilience activities are performed with the required efficiency and quality to protect BNP Paribas. Zakres obowiązków: Handle and document end-to-end security incidents and events Coordinate with different teams/entities to respond to cyber security incidents and to provide reporting on the CSIRT operations Learn from past and present events to continuously improve the group’s response capabilities Carry out analyses and gather information when alerts and security incidents have an impact on entities of the Group Understand, analyze, and explain attacks techniques Contribute to crisis cells Contribute to the vulnerability management process and ensure SLA adherence Contribute to Group’s projects and operation automations Contribute to Threat Intelligence activities Define and analyze SIEM alerts Enrich the team knowledge base and information security systems processes in accordance with the Group’s policies Oferujemy: Hybrid work mode, 50% working from home within a month Equivalent for remote work expenses (120 PLN per month) Stable employment in the international company Fully paid private medical care for employee Pre-paid lunch card Employee Pension Plan Co-financed Multisport Card MyBenefit Cafeteria Platform Life insurance Car parking availability in the office building Trainings and development opportunities

Nasze wymagania: A bachelor’s/Master’s degree (preferably in computer science, information systems, or a related field) a master’s degree is often preferred. Proven experience in data governance, data management, or a related field, with a strong understanding of data protection regulations and best practices. Excellent analytical, problem-solving, and communication skills, with the ability to work collaboratively across departments and influence stakeholders. Awareness of regulatory frameworks such as GDPR or DORA (practical exposure is an advantage). Strong analytical skills with the ability to communicate effectively with diverse stakeholders. Proactive, open-minded, and willing to continuously develop security expertise. High integrity and a strong sense of responsibility. Fluency in English; German is a plus. Zakres obowiązków: Data Governance Framework: Design and implement a comprehensive data governance framework that aligns with organizational goals and regulatory requirements. Policy Development: Develop and enforce data governance policies, standards, and procedures to ensure data quality, security, and compliance with laws such as GDPR. Collaboration: Work closely with IT, business units, and senior management to create and monitor data governance initiatives and ensure adherence to data-related policies. Data Quality Management: Monitor and assess data quality, conducting regular audits and implementing improvements as necessary to maintain high standards. Training and Awareness: Provide training and support to staff on data governance practices and the importance of data management within the organization. Reporting: Report on the progress of data governance initiatives to stakeholders, highlighting areas of success and opportunities for improvement. Oferujemy: Private health care and travel insurance Life insurance Cafeteria Platform and sports package Company Pension Benefits – Employee Savings Plan Attractive Employee Referral Bonus Program Additional day off for charity Holiday subsidy („wczasy pod gruszą”) Internal German language lessons Possibility of working from home

Nasze wymagania: 1-3 years of experience in similar/close to similar role and in close collaboration with 2LOD, 3LOD and business stakeholders Experience with risk and controls management methodology and able to identify and document controls for identified risks Good understanding of Business Continuity and Crisis Management framework and processes Hands-on experience for project documentation, preparation of presentation and delivery documents Role will require extensive collaboration across different teams, and perspectives and rationalizing those inputs will be required Good knowledge of compliance and structure of 3LOD in FSI entity Good communicator and ability to develop material, such as processes, procedures, policies or frameworks Ability to manage broad set of stakeholders Understanding of or experience with ICT or Cyber regulation Must have worked with internal controls before in FSI sector Zakres obowiązków: Establish and integrate operational controls within BCCM framework using Nordea Group guidelines for controls framework Provide support to Delivery lead with running of day-to-day project activities and manage relationship with key stakeholders Review and understand BCCM related audit issues where operational controls are required as part of issue closure criteria Work in close collaboration with BCCM RRP WS to establish controls as required by internal and external auditors Prepare list of Nordea Guidelines, EBA guidelines and other regulatory requirements as relevant to establish need/requirement to document operational controls Maintain risk and control documentation, and update continuously as project matures Support delivery lead with documentation of controls after carefully reviewing and understanding BCCM and ITSCM processes Support Technology Risk Management team (1LoD), BCCM 1st LoD and BCCM RRP to implement controls Keep track of all open actions coming out of meetings, plan follow-up actions and support Delivery lead with timely updates Oferujemy: • Life insurance • Private healthcare • MultiSport Card • Clear career path in a growing multinational organization

Nasze wymagania: Deep understanding of network design and security technologies: firewalls, IDPS, content filtering, load balancing, DDoS, NAC, WAF, and network segmentation. Strong knowledge of network security threats, risks, and mitigation strategies. Excellent communication and interpersonal skills, with experience engaging technical leaders and management. Ability to work collaboratively across teams and regions, managing multiple priorities in a fast-paced environment. Experience leading projects and engagements independently. Proficiency in Office applications (Excel, Word, PowerPoint). Extensive experience in data networks and security design/engineering, preferably in a highly regulated environment. Proven ability to analyze data from multiple sources and provide actionable insights. Mile widziane: Bachelor’s degree in Computer Science, Engineering, or Cybersecurity. Industry certifications (e.g., CISSP, CISA, CISM, CCNA, CCIE). Scripting skills (Python, Perl, or similar). Familiarity with cloud security concepts and security operations tools (e.g., SIEM, incident response). Knowledge of Agile/DevOps methodologies and IT service management principles. O projekcie: Shape the future of Network Security! Join a global Cybersecurity team and provide expert consultancy to strengthen defenses against evolving threats. We are looking for a Principal SME – Network Security Consultancy to join our Cybersecurity Technology and Engineering organization. This role is part of the Network Security function, providing subject matter consultancy, thought leadership, and project delivery for network security controls and initiatives. You will focus on network security products, solutions, architecture, and best practices, applying them to real-world challenges as the organization seeks to maintain and improve its network security posture. Sounds like your kind of challenge? Zakres obowiązków: Provide expert advice and guidance on network security controls for Business and IT projects. Identify and drive opportunities to improve network security posture based on current control and technology environments. Analyze network and cybersecurity data (e.g., system logs) to support decision-making and evidence control effectiveness. Lead complex engagements, representing Network Security interests and acting as a delegate for the team lead when required. Collaborate with internal stakeholders across Cybersecurity, IT, and other functions to ensure alignment and effective delivery. Continuously reassess network security risks, ensuring compliance with policies, standards, and regulatory requirements. Mentor and guide junior team members, sharing knowledge and best practices. Note: Detailed project information will be shared during the recruitment process. Oferujemy: Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.) Hybrid work setup – 5 days per month in Kraków office Collaborative team culture – work alongside experienced professionals eager to share knowledge Continuous development – access to training platforms and growth opportunities Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more High quality equipment – laptop and essential software provided

Nasze wymagania: In-depth knowledge of network design, firewalls, IDPS, WAF, NAC, DDoS, load balancing, and network segmentation technologies. Strong understanding of network security threats and risk management. Experience analyzing cybersecurity data and logs. Excellent communication and interpersonal skills, with the ability to influence and collaborate across teams. Proven ability to manage multiple tasks in a fast-paced environment. Experience leading projects and providing technical guidance. Ability to work effectively in a geographically dispersed team. Mile widziane: Bachelor’s degree in Computer Science, Engineering, or Cybersecurity. Industry certifications (CISSP, CISA, CISM, CCNA, CCIE). Scripting skills (Python, Perl, or similar). Familiarity with cloud security concepts and security operations tools (SIEM, incident response). Knowledge of Agile/DevOps methodologies and IT service management principles. O projekcie: We are looking for an experienced Principal SME – Network Security Consultancy to provide subject matter expertise, thought leadership, and project delivery in the area of network security. This role involves working closely with technology and business teams to ensure compliance with security requirements, identify risks, and implement best practices to protect against network-based threats. The position is part of the Network Security team within the Cybersecurity Technology and Engineering organization, delivering security technology controls consultancy services across the enterprise. Sounds like your kind of challenge? Zakres obowiązków: Provide expert consultancy on network security for IT and business projects, ensuring control requirements are met.Identify and drive opportunities to improve the organization’s network security posture. Analyze network security threats and risks, proposing effective solutions. Review and interpret network and cybersecurity data (e.g., system logs) to support decision-making and validate control effectiveness. Build and maintain strong relationships with Cybersecurity teams, Global Defence, Operations, and other key stakeholders. Lead and support projects, including taking ownership of complex engagements. Mentor and guide junior team members, fostering knowledge sharing and continuous improvement. Ensure compliance with internal standards and contribute to process optimization. Note: Detailed project information will be shared during the recruitment process. Oferujemy: Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.) Hybrid work setup – 5 days per month in Kraków office Collaborative team culture – work alongside experienced professionals eager to share knowledge Continuous development – access to training platforms and growth opportunities Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more High quality equipment – laptop and essential software provided

Nasze wymagania: Strong stakeholder management and ability to communicate complex technical concepts to diverse audiences Excellent understanding of cybersecurity principles, network security controls, and compliance requirements Extensive knowledge of network infrastructure hardening requirements Experience securing DDI products, network layer encryption services, and network management solutions Background in information systems, architecture, and defense-in-depth capabilities Familiarity with industry cybersecurity frameworks and standards Experience working in integrated on-prem and cloud environments, including SaaS connectivity Strategic thinker with strong analytical and problem-solving skills Ability to manage multiple concurrent workstreams and adapt to changing priorities Excellent communication and interpersonal skills Collaborative mindset and willingness to share knowledge Mile widziane: Relevant certifications in cybersecurity, risk management, and network technologies O projekcie: We are looking for a Principal SME – Network Security Requirements Analyst to join our Global Defense Engineering team. This role is critical in defining and maintaining network security control requirements and standards, ensuring alignment with industry best practices, cybersecurity frameworks, and regulatory compliance. You will act as a security subject matter expert (SME) for network services, management platforms, and secure baseline configurations, supporting the organization’s mission to enable safe and secure business operations globally. Zakres obowiązków: Collaborate with Control Owners to define and maintain network security control requirements aligned with risk appetite Support NSEC Capability Leads in developing and validating domain standards and ensuring traceability to technology configurations Act as SME for network services security (e.g., DDI – DNS, DHCP, IPAM, NTP) and network management platforms (monitoring, alerting, configuration management) Define and maintain secure baseline configurations for network infrastructure and services Provide guidance and education to stakeholders on control requirements and compliance Analyze network and cybersecurity data to support decision-making and evidence control effectiveness Drive continuous improvement in network security posture and ensure compliance with global standards Build knowledge-sharing resources and FAQs for service delivery teams Note: Detailed project information will be shared during the recruitment process. Oferujemy: We are open to the employment form according to your preferences Work with experienced and engaged team, willing to learn, share knowledge and open for growth and new ideas Hybrid working system (Warsaw/Cracow) Mindbox is a dynamically growing IT company, but still not a large one – everybody can have a real impact on where we are going next We invest in developing skills and abilities of our employees We have attractive benefits and provide all the tools required for work f.e. computer Interpolska Health Care, Multisport, Warta Insurance, training platform (Sages)

Nasze wymagania: Proven experience in Purple Teaming, Penetration Testing, and Attack Simulation. Strong team leadership and stakeholder management skills. Expertise in vulnerability identification, exploit development, and security control bypass techniques. Knowledge of malware obfuscation, persistence, exfiltration, and evasion tactics. Experience with tooling, automation, and source code review. Excellent communication skills in English (written and spoken). Degree in a relevant field or equivalent experience (preferred). Mile widziane: Industry certifications (e.g., OSCP, OSCE, CREST, GIAC). Participation in the cybersecurity community and research initiatives O projekcie: Are you passionate about offensive security and eager to make a real impact in protecting one of the world’s leading financial institutions? This is your chance to join a Global Red Team and be part of our newly established Purple Team, working on cutting-edge security initiatives. As a Principal Purple Teamer, you will play a key role in Cybersecurity Research and Offensive Security (CROS), focusing on Continuous Purple Teaming, large-scale collaborative testing, and replaying attack paths used during Attack Simulations or Regulatory Threat-Led Penetration Tests (TLPTs). You will lead Purple Team assessments, research and execute Tactics, Techniques, and Procedures (TTPs), and collaborate with Red Team, Threat Intelligence, and Security Research teams. This role requires strong leadership, technical expertise, and the ability to engage with diverse stakeholders to minimize operational risk while driving innovation. Sounds like your kind of challenge? Zakres obowiązków: Lead and deliver Purple Team exercises across services to identify vulnerabilities and improve security posture. Collaborate with stakeholders to define objectives, scope engagements, and ensure risk is managed effectively. Research and develop attack simulations, leveraging real-world threat intelligence. Provide subject matter expertise to global teams and influence security strategy. Stay ahead of emerging threats, techniques, and tools used by adversaries. Drive innovation in security testing and automation. Note: Detailed project information will be shared during the recruitment process. Oferujemy: Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.) Hybrid work setup – 6 days per month in the office (Kraków) Collaborative team culture – work alongside experienced professionals eager to share knowledge Continuous development – access to training platforms and growth opportunities Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more High quality equipment – laptop and essential software provided

Nasze wymagania: At least 4 years of hands-on experience in application security, with a focus on WAF rule deployment and cloud-native security solutions. Practical experience with at least one major cloud provider (AWS, Azure, GCP) and their native WAF and DDoS protection mechanisms. Strong knowledge of web security, including signatures, threat mitigation, and false positive management. Experience in working across organizational teams to implement security configurations and respond to security incidents. Ability to produce clear documentation, procedural guidelines, and provide training or guidance to development teams. Basic certifications in cloud technologies such as AWS Certified Security – Specialty, or equivalent is a plus. Familiarity with logging and alerting tools like Splunk or similar. Mile widziane: Industry-recognized certifications (AWS, GCP, Azure). Experience operating in highly regulated industries such as financial services. Additional knowledge of open-source or industry-standard security frameworks. O projekcie: As a Principal Application Security Engineer – Cloud Security & WAF, you will be working for our client, a major player in cybersecurity, dedicated to safeguarding web applications and cloud infrastructure across financial services. Your expertise will help shape resilient security measures, defend against advanced threats, and innovate industry standards in web application protection. This role offers an exciting career path within a global organization committed to continuous innovation. Unleash the future of web security — lead the charge in protecting digital realms with cutting-edge application defense! Krakow-based opportunity with hybrid work model (up to 3 days remote per week). Only candidates with an existing legal right to work in Europe will be considered for this role. Zakres obowiązków: Develop, deploy, and optimize Web Application Firewall (WAF) rules across cloud platforms such as AWS, Azure, or GCP, ensuring robust protection against Layer 7 DDoS attacks. Collaborate with cross-functional teams to implement security baselines and integrate central security capabilities, including SIEM and incident response systems. Monitor attack signatures and false positives using native cloud logging and alerting solutions; respond effectively to cyber-attacks. Provide guidance on web application security best practices, including reviewing signatures and assisting developers with non-compliance issues. Produce procedural documentation and runbooks for secure deployment and incident management related to WAF configurations. Participate in maintaining compliance with cybersecurity standards and industry best practices through continuous learning and knowledge sharing. Support migration projects for services to cloud-native security rules and facilitate the application of central security policies. Oferujemy: Stable and long-term cooperation with very good conditions Enhance your skills and develop your expertise in the financial industry Work on the most strategic projects available in the market Define your career roadmap and develop yourself in the best and fastest possible way by delivering strategic projects for different clients of ITDS over several years Participate in Social Events, training, and work in an international environment Access to attractive Medical Package Access to Multisport Program Access to Pluralsight Flexible hours

Nasze wymagania: At least 5 years of demonstrable hands-on experience in penetration testing. Strong understanding of platform security models for iOS and Android. Expertise in mobile application security, web security, and infrastructure testing. Proficiency in manual and automated testing methods, and familiarity with SAST, DAST, IAST tools. Excellent communication skills in English (fluent level). Ability to lead teams independently, with strong time-management and problem-solving capabilities. Mile widziane: Programming/scripting skills (e.g., Java, Kotlin, Objective C, Swift). Relevant certifications in cybersecurity (e.g., OSCP, CISSP, CEH). Experience with secure application development, reverse engineering, or cloud security. Knowledge of industry standards such as OWASP MASVS and MSTG. O projekcie: As a Penetration Testing Senior Lead, you will be working for our client, a global leader in cybersecurity research and offensive security. Your expertise will help build advanced security assessment capabilities, guide teams through complex engagements, and shape strategic defenses against evolving cyber threats. This role offers a unique chance to influence cybersecurity standards on a global scale while advancing your leadership and technical skills in a vibrant international environment. Ignite the future of cybersecurity — lead innovative penetration testing initiatives that safeguard digital assets! Krakow-based opportunity with hybrid work model. Europe — only candidates with an existing legal right to work in the European Union will be considered for this role. Zakres obowiązków: Lead and manage penetration testing projects across diverse technologies, environments, and systems to deliver actionable security insights. Collaborate with regional and global Penetration Testing Leads to standardize processes, align strategies, and share best practices worldwide. Mentor and develop team members, encouraging technical excellence and professional growth within a collaborative culture. Oversee the entire testing lifecycle — from scoping and planning to execution and comprehensive reporting. Act as the primary point of contact for complex issues or client concerns, ensuring high satisfaction levels. Contribute to the continuous improvement of penetration testing methodologies and technical documentation. Stay current with emerging cyber threats, security trends, and testing tools to maintain a cutting-edge security posture. Work closely with internal stakeholders to proactively assess and address security risks, fostering a security-aware organization. Oferujemy: Stable and long-term cooperation with very good conditions Enhance your skills and develop your expertise in the financial industry Work on the most strategic projects available in the market Define your career roadmap and develop yourself in the best and fastest possible way by delivering strategic projects for different clients of ITDS over several years Participate in Social Events, training, and work in an international environment Access to attractive Medical Package Access to Multisport Program Access to Pluralsight Flexible hours

Nasze wymagania: Minimum 5 years of hands-on experience in penetration testing. Proven ability to lead teams and manage security projects. Expertise in at least two penetration testing domains (e.g., infrastructure, applications, mobile). Strong understanding of iOS and Android security models and common vulnerabilities in mobile and financial applications. Practical experience in testing infrastructure, web, and mobile technologies using manual and automated methods. Excellent knowledge of TCP/IP and related security implications. Strong web application testing experience. Proficiency in programming/scripting. Solid understanding of applied cryptography in application development. Ability to communicate effectively with both technical and non-technical audiences. No mandatory certifications, but relevant industry certifications are a plus. Critical thinking and problem-solving abilities. Excellent written and verbal communication skills in English. Strong time management and organizational skills. Ability to work independently and lead teams of any size. Mile widziane: Experience with PowerApps, Alteryx, Collibra Knowledge of DevOps practices and automated deployment Familiarity with data quality frameworks and monitoring tools O projekcie: The Penetration Testing Team Lead is responsible for managing and guiding a team of penetration testers, overseeing complex security engagements, and ensuring the delivery of high-quality, actionable results. This role involves close collaboration with other regional Penetration Testing Leads to align strategies, share insights, and maintain global best practices. The Team Lead will contribute to the development and enhancement of penetration testing methodologies, maintain the knowledge base, and mentor team members. The key objective is to proactively identify and mitigate security risks while strengthening the organization’s defenses against evolving cyber threats. Sounds like your kind of challenge? Zakres obowiązków: Lead and manage a team of penetration testers to conduct comprehensive security assessments. Ensure the delivery of high-quality reports and actionable recommendations. Develop and continuously improve penetration testing methodologies and best practices. Document findings, lessons learned, and security trends to enhance the organization’s knowledge base. Collaborate with regional and global Penetration Testing Leads to standardize processes and share expertise. Mentor and support team members, fostering a culture of knowledge sharing and professional growth. Work closely with internal stakeholders to assess and address security risks. Stay up to date with emerging threats, technologies, and attack techniques to maintain effective testing capabilities. Note: Detailed project information will be shared during the recruitment process. Oferujemy: Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.) Hybrid work setup – remote days available depending on the client’s arrangements Collaborative team culture – work alongside experienced professionals eager to share knowledge Continuous development – access to training platforms and growth opportunities Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more High quality equipment – laptop and essential software provided

Nasze wymagania: Bachelor’s or Master’s degree in computer science, Software Engineering, Law, or a related field Minimum 4 years of experience in open-source license compliance, ideally in a regulated or product-focused environment Strong knowledge of permissive, weak copyleft, and strong copyleft licenses and their obligations Experience with SBOM standards (SPDX, CycloneDX) and tools such as FOSSA, Black Duck, ORT, or Syft Understanding of software architecture concepts and common dependency ecosystems (e.g., Maven, npm, PyPI, .NET, Go, Cargo, Helm) Familiarity with working with legal and business stakeholders, with the ability to clearly explain technical licensing topics Fluency in both Polish and English languages Residing in Poland required O projekcie: We are seeking an experienced and detail-oriented Open-Source Compliance Expert to join our team. This role bridges software engineering, legal, and compliance functions to ensure our use of open-source software (OSS) complies with licensing obligations and aligns with our product and business goals. You will primarily assess open-source license obligations based on Software Bill of Materials (SBOM) data across our commercial products. Additionally, you will collaborate with the legal department to support due diligence and contract assessments related to third-party software partnerships, supplier agreements, and joint development initiatives. Zakres obowiązków: Review and evaluate SBOMs (Software Bill of Materials) from internal teams and suppliers for open-source license compliance Classify and interpret open-source licenses (MIT, Apache, GPL, LGPL, AGPL, etc.) and identify legal or business risks Conduct impact analysis related to license incompatibilities and copyleft obligations Monitor and assess OSS component updates across development, release, and maintenance phases Collaborate with engineering, DevOps, and cybersecurity teams to embed compliance checks into CI/CD pipelines Support legal teams by reviewing software-related contractual clauses and third-party licensing terms Maintain internal OSS policies, documentation, and training materials, contributing to continuous process and tooling improvements Oferujemy: Great Place to Work since 2015 - it’s thanks to feedback from our workers that we get this special title and constantly implement new ideas Employment stability - revenue of PLN 2.1BN, no debts, since 2006 on the market We share the profit with Workers - over PLN 76M has already been allocated for this aim since 2022 Attractive benefits package - private healthcare, benefits cafeteria platform, car discounts and more Comfortable workplace – class A offices or remote work Dozens of fascinating projects for prestigious brands from all over the world – you can change them thanks to Job Changer application PLN 1 000 000 per year for your ideas - with this amount, we support the passions and voluntary actions of our workers Investment in your growth – meetups, webinars, training platform and technology blog – you choose Fantastic atmosphere created by all Sii Power People

Nasze wymagania: minimum 1 rok doświadczenia w pracy o podobnym profilu specjalizacji wykształcenie średnie, preferowane wyższe (Informatyka, Cyberbezpieczeństwo) znajomość rodzajów ataków, umiejętność ich rozróżnienia i reagowania znajomość zagadnień technicznych z zakresu sieci LAN/WAN i systemów teleinformatycznych szkolenie dotyczące monitoringu i obsługi incydentów bezpieczeństwa informacji znajomość pakietu MS Office (Word, Excel, PowerPoint, Outlook) Zakres obowiązków: monitorowanie, analizowanie oraz ocenianie (triage) zdarzeń i alarmów z systemów bezpieczeństwa przy użyciu dostępnych narzędzi pod kątem czy dane zdarzenie jest incydentem bezpieczeństw realizowanie zgłoszeń od pracowników wewnętrznych przez systemy zgłoszeniowe (mail, system ticketowy, telefon) tworzenie dokumentacji z prowadzonej obsługi zdarzeń (w tym incydentów) tworzenie raportów dziennych i tygodniowych z pracy zespołu zbieranie i uzupełnianie danych dla potrzeb obsługi incydentu w ramach wsparcia na potrzeby 2 i 3 linii wsparcia Oferujemy: praca w dojrzałym i profesjonalnym zespole (znajdujemy się w ścisłej czołówce najlepszych Pracodawców w Polsce. Jesteśmy liderem w kategorii stabilność zatrudnienia według rankingu Randstad Employer Brand Research 2024) możliwość rozwoju i podnoszenia swoich kwalifikacji poprzez udział w szkoleniach, kursach oraz studiach elastyczne godziny pracy, praca zdalna, dodatkowy dzień wolny od pracy: 4 grudnia (święto branżowe, tzw. „Barbórka”) szeroki pakiet dodatkowych świadczeń i benefitów w tym m.in.: premia miesięczna i kwartalna premia roczna pracowniczy program emerytalny prywatna opieka medyczna karta sportowa na preferencyjnych warunkach świadczenia okolicznościowe, świadczenia dla dzieci, dofinansowanie do wypoczynku

Nasze wymagania: Wiedza z zakresu infrastruktury serwerowej oraz bezpieczeństwa IT. Znajomość administracji Microsoft 365. Podstawowa znajomość administracji systemami Windows. Znajomość konfiguracji sieci komputerowych (LAN, Wi-Fi). Doświadczenie w konfiguracji i diagnostyce sprzętu komputerowego. Znajomość zasad wykonywania i testowania kopii zapasowych. Umiejętność diagnozowania i rozwiązywania problemów technicznych. Samodzielność, systematyczność oraz proaktywne podejście do pracy. Wykształcenie wyższe w obszarze IT lub kierunkach pokrewnych. Mile widziane: Znajomość systemów: Comarch ERP XL, Comarch HRM, Comarch BPM, Comarch BI Point. Podstawowa znajomość języka SQL. O projekcie: Szukamy osoby, która będzie odpowiedzialna za rozwój i utrzymanie infrastruktury IT w naszej organizacji. Na tym stanowisku będziesz wspierać użytkowników w codziennej pracy z systemami, dbać o bezpieczeństwo środowiska IT oraz rozwijać rozwiązania technologiczne wspierające procesy biznesowe. Jeżeli lubisz rozwiązywać problemy techniczne, usprawniać działanie systemów i mieć realny wpływ na funkcjonowanie infrastruktury IT w firmie – to stanowisko jest dla Ciebie. Zakres obowiązków: Zapewnienie stabilnego i bezpiecznego działania infrastruktury IT. Zarządzanie dostępami użytkowników i nadzór nad bezpieczeństwem systemów. Zarządzanie kopiami zapasowymi oraz testowanie procedur odtwarzania danych. Wsparcie użytkowników w rozwiązywaniu bieżących problemów technicznych. Konfiguracja i utrzymanie sprzętu komputerowego oraz przygotowanie stanowisk pracy. Prowadzenie dokumentacji technicznej oraz ewidencji sprzętu IT. Współpraca z działami biznesowymi przy rozwoju systemów i narzędzi IT. Koordynacja współpracy z zewnętrznymi dostawcami infrastruktury, sieci i bezpieczeństwa. Oferujemy: Umowę o pracę na pełen etat. Możliwość rozwoju zawodowego. Pracę w organizacji o stabilnej sytuacji finansowej.

Nasze wymagania: Minimum of 4 years of experience in risk management, controls design, or cybersecurity governance. Strong subject matter expertise in control management, including implementation, assessment, and reporting. Technical knowledge of cybersecurity principles, with a focus on network security domains being a plus. Familiarity with metrics such as KCIs, KRIs, KPIs and their application in risk oversight. Proven ability to translate technical concepts into clear, business-friendly language. Excellent English communication skills, both written and verbal. Recognized certifications related to cybersecurity or control frameworks are advantageous. Strong stakeholder engagement skills, capable of working with diverse teams within complex international environments. Self-motivated, team-oriented, with high-quality standards and the ability to work independently under tight deadlines. Fluent English (spoken and written). Mile widziane: Certifications such as CISSP, CISM, or similar. Experience working within financial services or large regulated industries. O projekcie: As a Mid-Level Cybersecurity Controls Design Analyst, you will be working for our client, a leading international bank with a focus on innovative financial services and digital security. This role is pivotal in shaping and maintaining the cybersecurity control environment, ensuring safeguarding of the bank’s operations, data, and reputation through effective risk management and industry best practices. Join us to help build a safer digital banking landscape and advance your career in a dynamic, global environment. Unleash cybersecurity excellence — champion the future by designing resilient controls that guard digital assets! Krakow-based opportunity with hybrid work model (up to 3 remote days per week). Only candidates with an existing legal right to work in the European Union will be considered for this role. Zakres obowiązków: Define, design, and oversee operational cybersecurity controls in accordance with industry standards such as NIST 800-53, ensuring alignment with bank requirements. Collaborate with Control Owners, 2LoD, and CCO Technology to maintain control measurements, policies, standards, and procedures. Support control assessments and ensure controls meet legal, regulatory, and compliance obligations. Assist in defining control metrics (KCIs, KRIs, KPIs) to enable effective risk monitoring and reporting. Engage with stakeholders across Engineering, Operations, and Security Assessment teams to deliver consistent and compliant control frameworks. Contribute to continuous improvement initiatives in cybersecurity governance and control processes. Maintain clear and professional documentation, including Policies, Procedures, and Standards, tailored for technical and non-technical audiences. Oferujemy: Stable and long-term cooperation with very good conditions. Enhance your skills and develop your expertise in the financial industry. Work on the most strategic projects available in the market. Define your career roadmap and develop yourself in the best and fastest possible way by delivering strategic projects for different clients of ITDS over several years. Participate in Social Events, training, and work in an international environment. Access to attractive Medical Package. Access to Multisport Program. Access to Pluralsight. Flexible hours & remote work.

Nasze wymagania: Proven experience in building and managing Azure services. Strong knowledge of CI/CD practices, including coding, tooling, and automation techniques. Experience working with multiple support groups contributing to service delivery. Demonstrated ability to design and implement automation and compliance frameworks for cloud deployments. Mile widziane: Industry-recognized cloud certifications (e.g., Microsoft Azure Administrator – AZ-104). Experience with multi-tier application architecture, development, deployment, and support O projekcie: For our client, we are looking for an Azure Site Reliability Engineer to join the global Azure Cloud Services team. This role is focused on supporting and improving highly resilient, scalable, and performant Azure infrastructure in a cloud-native environment. You will work closely with the Azure Engineering Lead, Microsoft, and Cyber Security teams, as well as a mature DevOps Chapter, to ensure continuous improvement and reliability aligned with business objectives. Zakres obowiązków: Act as a DevOps engineer across infrastructure and application improvements. Monitor and manage the Azure foundation platform to enable application deployments. Ensure SLI/SLO targets are met and continuously improved. Collaborate with business application owners and technology teams to deliver cloud-based infrastructure solutions. Identify areas for improvement in infrastructure design and drive changes through to production. Conduct root cause analysis for performance and availability issues, implementing solutions to prevent recurrence. Recommend and implement improvements in monitoring and incident response processes. Perform engineering activities to apply centrally provided patches. Note: Detailed project information will be shared during the recruitment process. Oferujemy: Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.) Hybrid work setup – remote days available depending on the client’s arrangements Collaborative team culture – work alongside experienced professionals eager to share knowledge Continuous development – access to training platforms and growth opportunities Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more High quality equipment – laptop and essential software provided

Nasze wymagania: Specific expertise within design and implementation of operating and governance models needed to succeed Experience with MVB (Minimum Viable Bank) concepts and implementation Knowledge of governance model design and implementation Understanding of operational model transitions Experience with guideline development and updates Strong project scoping and planning capabilities Stakeholder management and coordination skills Experience in financial services and banking operations Zakres obowiązków: Drive MVB Operating and governance model track Include project scoping, planning and execution Design operating model and draft updates to guidelines Develop implementation plan for MVB governance Lead track development for executive playbook Coordinate with multiple stakeholders on governance model Ensure successful transition from program to operational model Support MVB operationalization activities Oferujemy: • Life insurance • Private healthcare • MultiSport Card • Clear career path in a growing multinational organization

Nasze wymagania: doświadczenie zawodowe związane z cyberbezpieczeństwem i bezpieczeństwem informacji znajomość zagadnień związanych z procesowym zarządzaniem cyberbezpieczeństwa i bezpieczeństwa informacji, w tym opracowaniem i wdrażaniem polityk bezpieczeństwa oraz planów ciągłości działania praktyczna znajomość norm z rodziny ISO/IEC 27000 oraz ISO 22301 wiedza z obszaru szacowania ryzyka (ISO/IEC 27005) znajomość regulacji z standardów, w tym m.in. NIS2, DORA, NIST umiejętność prowadzenia szkoleń i moderowania spotkań dokładność i sumienność wykonywania zadań dyspozycyjność i gotowość do wyjazdów służbowych Mile widziane: znajomość zagadnień związanych z monitorowanie procesów cyberbezpieczeństwa ICT (np. skanowanie podatności, threat intelligence, SIEM, DLP) znajomość zagadnień związanych z zapewnieniem bezpieczeństwa usług chmurowych posiadanie uznanych certyfikatów w obszarze bezpieczeństwa informacji (CISSP, CISA, CISM) O projekcie: Szukamy zaangażowanej osoby, która będzie wspierała rozwój PBSG i narzędzia erisk. Oznacza to, że będzie odpowiedzialna za audytowanie i wdrażanie wymagań z zakresu bezpieczeństwa informacji i cyberbezpieczeństwa, a także projektowanie i współtworzenie procesów dla systemów zabezpieczeń, narzędzi i aplikacji, zgodnie z politykami, standardami i procedurami w ramach naszych rozwiązań. Zachęcamy do składania ofert zarówno przez osoby, które są ekspertami w dziedzinie cyberbezpieczeństwa, jak i osoby, które dopiero rozwijają swoją wiedzę w tym zakresie. Zakres obowiązków: realizacja projektów z zakresu cyberbezpieczeństwa i bezpieczeństwa informacji w największych polskich i zagranicznych organizacjach opracowywanie rozwiązań proceduralnych związanych z cyberbezpieczeństwem i bezpieczeństwem informacji, w tym niezbędnych polityk, procedur, formularzy, raportów itp. doradztwo w zakresie praktycznych aspektów realizacji procesów cyberbezpieczeństwa i bezpieczeństwa informacji udział w procesie szacowania ryzyka, w tym ryzyka ICT udział w audytach cyberbezpieczeństwa i bezpieczeństwa informacji (organizacyjnych oraz informatycznych) prowadzenie szkoleń ogólnych i specjalistycznych z zakresu cyberbezpieczeństwa i bezpieczeństwa informacji Oferujemy: Umowę o prace lub kontrakt b2b (zgodnie z Twoimi preferencjami) w pełnym wymiarze Wynagrodzenie podstawowe z programem premiowym Atrakcyjny budżet szkoleniowy abyś dalej mógł/mogła doskonalić swoje umiejętności i poszerzać wiedzę Pracę w zgranym i otwartym zespole Niekorporacyjne i zwinne środowisko pracy: choć zależy nam na profesjonalizmie świadczonych usług, to osiągamy to w przyjaznej atmosferze bez narzucającej się struktury zarzadzania Prywatną opiekę medyczną, sesje fizjoterapeutyczne, imprezy integracyjne i inne dodatki

Nasze wymagania: Podstawowa znajomość systemów Linux i Windows. Podstawy działania sieci. Podstawowa wiedza o cyberbezpieczeństwie. Podstawowa znajomość cyberataków. Umiejętność analitycznego myślenia. Gotowość do pracy w systemie 3 zmianowym. Mile widziane: Certyfikat z cyberbezpieczeństwa. O projekcie: Własny silnik e-commerce | Zespół wewnętrzny | Cyberbezpieczeństwo Do #TeamENP poszukujemy kolejnego Junior Service Monitoring Specialist. Razem z zespołem SOC działającym całodobowo, będziesz monitorować nasze systemy, rozwiązywać realne case-y, a także dbać o cyberbezpieczeństwo w całej firmie. Przy codziennych zadaniach będziesz mógł współpracować dodatkowo z zespołami IT Security, IT Support, czy przedstawicielami z całej organizacji. W pracy zespołowej cenimy komunikację, współpracę, zaufanie oraz aktywne uczestnictwo w budowaniu środowiska sprzyjającego innowacjom. Razem z nami możesz rozwijać się zgodnie z najwyższymi standardami IT i e-commerce. Zapoznaj się z Twoimi przyszłymi zadaniami, naszymi wymaganiami i zaaplikuj, aby dołączyć do grona ekspertów w ENP! Zakres obowiązków: Uczestniczenie w pracach zespołu Działu Monitoringu (SOC) w systemie zmianowym 24/7. Przyjmowanie i rejestrowanie zgłoszeń dotyczących zdarzeń bezpieczeństwa. Obsługiwanie systemów wspomagających monitorowanie bezpieczeństwa środowisk teleinformatycznych. Reagowanie na incydenty, dokonywanie wstępnej analizy oraz wyjaśnienia przyczyn ich wystąpienia. Wspieranie 2 i 3 linii w usuwaniu skutków incydentów i zapobieganiu kolejnym. Poszukiwanie nowych zagrożeń poprzez śledzenie dostępnych źródeł informacji. Przygotowywanie raportów dotyczących pracy Działu Monitoringu. Oferujemy: Pakiet benefitów pracowniczych, w tym: prywatna opieka medyczna Medicover, ubezpieczenie grupowe na życie PZU, karta sportowa Medicover Sport. Programy zniżkowe dla pracowników, m.in. w Media Expert. Forma współpracy: umowa zlecenie. Program Poleceń Pracowniczych. Pracę w trybie stacjonarnym. Rozwój kompetencji technicznych oraz zdobycia praktycznego doświadczenia w szerokim obszarze e-commerce. Dostęp do szkoleń oraz konwersacje w języku angielskim z native speakerem.

Nasze wymagania: Minimum 1–2 lata doświadczenia w obszarze cyberbezpieczeństwa, SOC, SIEM, SOAR lub inżynierii bezpieczeństwa. Praktyczna znajomość przynajmniej jednego systemu SIEM/SOAR: Splunk, Wazuh, SecureVisio, CrowdStrike Falcon. Znajomość zagadnień z obszaru: analiza logów, korelacja zdarzeń, automatyzacja reakcji, bezpieczeństwo sieci, EDR/XDR. Znajomość systemów operacyjnych Linux/Windows, protokołów TCP/IP oraz technologii bezpieczeństwa (Firewall, WAF, IDS/IPS). Umiejętność pracy z danymi bezpieczeństwa (logi ustrukturyzowane i nieustrukturyzowane). Zdolność analitycznego myślenia, samodzielność i umiejętność pracy z wieloma zespołami. Znajomość języka angielskiego (min. B2). Mile widziane: Certyfikaty: Splunk, CEH, BTL1, CompTIA CySA+, CompTIA CASP+ lub równoważne. Doświadczenie w środowiskach chmurowych (Azure, AWS, O365). Doświadczenie z narzędziami Threat Intelligence, Threat Hunting, EDR/XDR. O projekcie: Poszukujemy Inżyniera ds. Cyberbezpieczeństwa, który będzie odpowiedzialny za wdrażanie, rozwój oraz utrzymanie systemów klasy SIEM i SOAR, opartych o technologie SecureVisio, Splunk, CrowdStrike oraz Wazuh. Osoba na tym stanowisku będzie odpowiedzialna za budowanie i automatyzacje procesów detekcji zagrożeń, integracji źródeł logów, optymalizacji środowisk bezpieczeństwa oraz wsparciu zespołów SOC w reagowaniu na incydenty. Rola obejmuje również rozwój frameworków detekcji, integracji systemów bezpieczeństwa oraz automatyzację reakcji zgodnie z najlepszymi praktykami rynku. Zakres obowiązków: Wdrażanie, konfiguracja i rozwój systemów SIEM/SOAR, w szczególności SecureVisio, Splunk, Wazuh oraz integracji z CrowdStrike. Projektowanie i rozwijanie use case’ów detekcyjnych, reguł korelacyjnych oraz alertów w systemach SIEM. Tworzenie i doskonalenie playbooków automatyzacyjnych SOAR, w tym mapowania incydentów, reakcji i workflowów. Integracja systemów bezpieczeństwa z różnorodnymi źródłami logów oraz narzędziami IT/OT. Analiza incydentów bezpieczeństwa, wsparcie SOC L1/L2 oraz udział w działaniach Threat Hunting. Monitorowanie i optymalizacja wydajności platform SIEM/SOAR oraz ich architektury. Tworzenie dashboardów, raportów i wizualizacji danych bezpieczeństwa. Współpraca z zespołami technicznymi i biznesowymi w zakresie integracji, reagowania na incydenty oraz wdrażania środowisk bezpieczeństwa IT/OT. Udział w rozwijaniu procesów operacyjnych SOC i Cyber Defense, w tym dokumentacji technicznej (HLD/LLD). Proponowanie usprawnień zwiększających poziom bezpieczeństwa organizacji oraz jakości detekcji. Oferujemy: Zatrudnienie w oparciu o umowę o pracę w stabilnej, stale rozwijającej się firmie. Specjalistyczne szkolenia. Pakiet dodatkowych benefitów (prywatna opieka medyczna, karta wstępu na obiekty sportowe, owocowe wtorki). Przyjazną atmosferę pracy.

Nasze wymagania: Minimum 3 lata doświadczenia w pracy z rozwiązaniami F5 BIG-IP. Bardzo dobra znajomość iRules oraz zasad ich działania w kontekście ruchu HTTP/HTTPS. Praktyczne doświadczenie w automatyzacji konfiguracji F5 z wykorzystaniem Ansible. Umiejętność tworzenia playbooków, ról oraz szablonów Ansible dedykowanych dla F5. Doświadczenie w projektowaniu procesów wdrażania oraz zarządzania cyklem życia konfiguracji Load Balancer. Umiejętność analizy i refaktoryzacji istniejących konfiguracji w kierunku ich automatyzacji i standaryzacji. Doświadczenie w pracy z repozytoriami Git (wersjonowanie i zarządzanie konfiguracją). Dobra znajomość podstaw sieci, w szczególności: TCP/IP, HTTP/HTTPS, SSL/TLS oraz DNS. O projekcie: Dla naszego klienta – firmy telekomunikacyjnej, poszukujemy doświadczonej osoby, która dołączy do zespołu odpowiedzialnego za utrzymanie i rozwój sieci transmisyjnej. Zespół koncentruje się na zapewnieniu stabilności oraz wysokiej dostępności infrastruktury, a także na wdrażaniu innowacyjnych rozwiązań w obszarze transmisji danych. Praca obejmuje realizację ambitnych projektów związanych z automatyzacją, optymalizacją oraz transformacją środowisk sieciowych, z wykorzystaniem najnowszych technologii dostępnych na rynku. Na co dzień zespół współpracuje z zespołami aplikacyjnymi oraz bezpieczeństwa, dostarczając rozwiązania wspierające skalowalność, wydajność i niezawodność kluczowych usług. Zakres obowiązków: Projektowanie i rozwój rozwiązań opartych o F5 BIG-IP (LTM, APM, ASM/WAF, GTM/DNS). Tworzenie oraz automatyzacja konfiguracji Load Balancerów z wykorzystaniem Ansible. Projektowanie i wdrażanie procesów zarządzania cyklem życia konfiguracji, w tym: przygotowanie, testowanie i wdrażanie zmian w środowiskach dev/test/prod, wersjonowanie oraz standaryzacja konfiguracji w repozytoriach Git. Analiza oraz refaktoryzacja istniejących konfiguracji w celu dostosowania ich do nowoczesnych standardów automatyzacji. Tworzenie szablonów Ansible i standardów konfiguracji dla zespołów aplikacyjnych. Współpraca z zespołami deweloperskimi, bezpieczeństwa i aplikacyjnymi przy publikacji usług. Udział w projektach transformacyjnych (automatyzacja, migracje, optymalizacja Application Delivery). Automatyzacja procesów w obszarze Data Center z wykorzystaniem Ansible i innych narzędzi. Praca w ramach 3. linii wsparcia (zaawansowane zagadnienia techniczne), udział w dyżurach 24/7 Oferujemy: Stabilność zatrudnienia – długofalowe projekty, współpraca z wiodącymi firmami, możliwość rozwoju w różnych obszarach branży IT. Elastyczne formy współpracy – umowa B2B, umowa o pracę lub zlecenie. Benefity: Medicover (rozszerzony o stomatologię), FitProfit, lekcje języka angielskiego. Treningi na siłowni F45 - zlokalizowanej w naszym biurze. Wspólnie ćwiczymy pod okiem profesjonalnych trenerów. Wewnętrzny program poleceń. Możliwość finansowania certyfikatów IT. W zależności od projektu pracujemy w trybie hybrydowym, zdalnym lub stacjonarnym. Wydarzenia okolicznościowe oraz wyjazdy integracyjne - budujemy zgrany zespól również poza biurem. Lubimy pomagać - wspieramy akcje charytatywne, takie jak Szlachetna Paczka, a w ramach #PomagamyNexio angażujemy się tam, gdzie naprawdę możemy coś zmienić.

Nasze wymagania: Minimum 2-letnie doświadczenie w obszarach związanych z zarządzaniem bezpieczeństwem informacji. Znajomość frameworków (CIS, NIST). Doświadczenie w implementacji wymagań bezpieczeństwa w projektach. Umiejętności analityczne. Doświadczenie w koordynowaniu i analizowaniu testów bezpieczeństwa. Umiejętność tworzenia spójnej dokumentacji bezpieczeństwa. Znajomość standardów bezpiecznej konfiguracji systemów teleinformatycznych (minimum: systemy operacyjne Linux/Windows, serwery WWW, bazy danych oraz sieci telekomunikacyjne). Język angielski na poziomie B1/B2 oraz umiejętność korzystania z dokumentacji w języku angielskim. Otwartość na współpracę, komunikatywność. Wysoki poziom odpowiedzialności oraz zaangażowania w systematyczne wykonywanie obowiązków. Mile widziane: Wykształcenie wyższe o kierunku informatycznym. Znajomość standardów prowadzenia projektów (Agile, Scrum, PRINCE2). Znajomość DORA, NIS2 (Krajowym Systemem Cyberbezpieczeństwa). O projekcie: Własny silnik e-commerce | Zespół Wewnętrzny | IT Security Do #TeamENP poszukujemy IT Security Analyst. Razem z zespołem Security będziesz mieć bezpośredni wpływ na bezpieczeństwo wdrażanych projektów biznesowych w organizacji. Współpracując na co dzień z zespołami projektowym i IT, będziesz wdrażać systemy i narzędzia spełniające wymagania bezpieczeństwa skutecznie chroniąc firmę przed cyberzagrożeniami. W pracy zespołowej cenimy komunikację, współpracę, zaufanie oraz aktywne uczestnictwo w budowaniu środowiska sprzyjającego innowacjom. Razem z nami możesz rozwijać się zgodnie z najwyższymi standardami IT i e-commerce. Zapoznaj się z twoimi przyszłymi zadaniami, naszymi wymaganiami i zaaplikuj, aby dołączyć do grona ekspertów w ENP! Zakres obowiązków: Przeprowadzanie analizy ryzyka, ocen bezpieczeństwa oraz integracji wymagań dla nowych projektów biznesowych i istniejących systemów. Opiniowanie i weryfikacja architektury projektów systemów oraz zapisów umów pod kątem zgodności z wymaganiami bezpieczeństwa. Analiza dostawców i ich rozwiązań pod kątem zgodności z wymaganiami politykami bezpieczeństwa organizacji. Współpraca z zespołami projektowymi oraz właścicielami biznesowymi w celu zrozumienia i implementacji wymagań bezpieczeństwa. Integracja wymagań bezpieczeństwa w cyklach życia projektów IT zgodnie z podejściem „security by design”. Weryfikacja projektów biznesowych pod kątem zgodności z regulacjami i przepisami prawa. Monitorowanie i nadzorowanie implementacji wymagań bezpieczeństwa w trakcie realizacji projektów. Dokumentowanie procesów, procedur i wyników analiz związanych z bezpieczeństwem IT. Zarządzanie podatnościami na etapie projektowania. Odpowiedzialność za proces usuwania wykrytych podatności. Szkolenia oraz podnoszenie świadomości bezpieczeństwa zespołów projektowych. Przeprowadzanie i koordynowanie testów bezpieczeństwa wdrażanych rozwiązań. Oferujemy: Rozwój zawodowy w branży IT/e-commerce, w firmie, która każdego dnia dostarcza rozwiązania dla dużych, znanych marek. Udział w rozwojowych projektach wewnętrznych ENP i zewnętrznych (praca dla klientów ENP). Pakiet benefitów (w tym ubezpieczenie medyczne MEDICOVER, grupowe na życie PZU, pakiet sportowy Medicover SPORT). Pracownicze programy zniżkowe np. Media Expert. Szkolenia i rozwój osobisty. Konwersacje w języku angielskim z Native Speakerem. Pracę w nowoczesnym biurze w dobrze skomunikowanej części Katowic. Bardzo dobrą atmosferę w pracy i świetnych ludzi wokół z ciekawymi zainteresowaniami. Możliwość awansu zawodowego.

Wymagania: - Minimum 5–7 lat doświadczenia w obszarze bezpieczeństwa informacji lub cyberbezpieczeństwa, - Praktyczną znajomość standardów i regulacji: ISO 27001, NIS2, RODO, DORA, CIS, OWASP, - Doświadczenie w projektowaniu i wdrażaniu architektury bezpieczeństwa, - Doświadczenie w zarządzaniu ryzykiem oraz obszarem compliance, - Rozwinięte kompetencje komunikacyjne oraz umiejętność współpracy z kadrą zarządzającą, - Doświadczenie w zarządzaniu zespołem lub projektami, - Mile widziane certyfikaty: CISSP, CISM, CISA, ISO 27001 LA/LI. O firmie: - Jesteśmy rozwijającą się siecią centrów medycznych z 30-letnim doświadczeniem w branży. Zespół Corten Medic to fachowa kadra medyczna i eksperci związani z zarządzaniem ochroną zdrowia. - Corten Medic zapewnia swoim Pacjentom opiekę lekarza pierwszego kontaktu, specjalistyczne konsultacje, szeroką ofertę badań obrazowych i laboratoryjnych oraz zabiegów rehabilitacyjnych. Wyróżnia nas także nowoczesna okulistyka, którą prowadzimy w ramach Szpitala Jednego Dnia. Świadczymy usługi w ponad 30 lokalizacjach (m.in. w Kielcach, Warszawie i Radomiu) i sukcesywnie zwiększamy dostępność naszej opieki medycznej. - Angażujemy się w akcje charytatywne i profilaktyczne, sprzyjające podnoszeniu świadomości społeczeństwa w zakresie zdrowego stylu życia, a także uczestniczymy w eventach branżowych i konferencjach. Wartości, które liczą się dla nas w pracy, to przede wszystkim zespołowość, inicjatywa, pasja i dobra komunikacja. Zakres obowiązków: - Odpowiedzialność za budowę, rozwój oraz nadzór nad obszarem bezpieczeństwa informacji, cyberbezpieczeństwa oraz Governance, Risk & Compliance (GRC), - Tworzenie i realizacja strategii bezpieczeństwa informacji i cyberbezpieczeństwa w organizacji, - Budowa i rozwój modelu GRC (Governance, Risk & Compliance), - Opracowywanie i wdrażanie polityk, standardów oraz architektury bezpieczeństwa, - Zarządzanie ryzykiem oraz zapewnienie zgodności z regulacjami i standardami (ISO 27001, NIS2, RODO, DORA, CIS, OWASP), - Nadzór nad obszarami bezpieczeństwa operacyjnego, w tym SOC, incident response, threat intelligence oraz vulnerability management, - Prowadzenie i rozwój działań w zakresie Business Continuity (BCP) oraz Disaster Recovery (DRP), - Współpraca z zespołami IT, biznesem oraz Zarządem w zakresie bezpieczeństwa i zarządzania ryzykiem, - Zarządzanie zespołem bezpieczeństwa oraz rozwój kompetencji w obszarze cyberbezpieczeństwa, - Monitorowanie trendów i zagrożeń w obszarze cyberbezpieczeństwa oraz inicjowanie działań usprawniających. Oferujemy: - Możliwość realnego wpływu na kształtowanie strategii bezpieczeństwa organizacji, - Udział w projektach rozwojowych i inwestycyjnych wspierających dynamiczny wzrost organizacji, - Bezpieczeństwo zatrudnienia w oparciu o wybraną formę współpracy, - Możliwość rozwoju w strukturach firmy i pracę w przyjaznym zespole, który chętnie dzieli się wiedzą i doświadczeniem.

Nasze wymagania: Minimum 5–7 lat doświadczenia w obszarze bezpieczeństwa informacji lub cyberbezpieczeństwa, Praktyczną znajomość standardów i regulacji: ISO 27001, NIS2, RODO, DORA, CIS, OWASP, Doświadczenie w projektowaniu i wdrażaniu architektury bezpieczeństwa, Doświadczenie w zarządzaniu ryzykiem oraz obszarem compliance, Rozwinięte kompetencje komunikacyjne oraz umiejętność współpracy z kadrą zarządzającą, Doświadczenie w zarządzaniu zespołem lub projektami, Mile widziane certyfikaty: CISSP, CISM, CISA, ISO 27001 LA/LI. Zakres obowiązków: Odpowiedzialność za budowę, rozwój oraz nadzór nad obszarem bezpieczeństwa informacji, cyberbezpieczeństwa oraz Governance, Risk & Compliance (GRC), Tworzenie i realizacja strategii bezpieczeństwa informacji i cyberbezpieczeństwa w organizacji, Budowa i rozwój modelu GRC (Governance, Risk & Compliance), Opracowywanie i wdrażanie polityk, standardów oraz architektury bezpieczeństwa, Zarządzanie ryzykiem oraz zapewnienie zgodności z regulacjami i standardami (ISO 27001, NIS2, RODO, DORA, CIS, OWASP), Nadzór nad obszarami bezpieczeństwa operacyjnego, w tym SOC, incident response, threat intelligence oraz vulnerability management, Prowadzenie i rozwój działań w zakresie Business Continuity (BCP) oraz Disaster Recovery (DRP), Współpraca z zespołami IT, biznesem oraz Zarządem w zakresie bezpieczeństwa i zarządzania ryzykiem, Zarządzanie zespołem bezpieczeństwa oraz rozwój kompetencji w obszarze cyberbezpieczeństwa, Monitorowanie trendów i zagrożeń w obszarze cyberbezpieczeństwa oraz inicjowanie działań usprawniających. Oferujemy: Możliwość realnego wpływu na kształtowanie strategii bezpieczeństwa organizacji, Udział w projektach rozwojowych i inwestycyjnych wspierających dynamiczny wzrost organizacji, Bezpieczeństwo zatrudnienia w oparciu o wybraną formę współpracy, Możliwość rozwoju w strukturach firmy i pracę w przyjaznym zespole, który chętnie dzieli się wiedzą i doświadczeniem.

Nasze wymagania: Min. 3 lata doświadczenia w administracji sieci IP Bardzo dobra znajomość: BGP, OSPF, MPLS (L2/L3 VPN), NAT Doświadczenie w konfiguracji urządzeń sieciowych (routery, switche, firewalle) Umiejętność samodzielnej diagnostyki problemów sieciowych Znajomość narzędzi monitoringu (SNMP, NetFlow/IPFIX, syslog) Praca z logami i analiza zdarzeń Angielski min. B2 (praca z dokumentacją i zespołami technicznymi) Mile widziane: – Doświadczenie w środowiskach operatorskich (BNG/BRAS, PPPoE, IPoE, DHCP, AAA) – Znajomość SDN – Doświadczenie z vendorami: Cisco, Juniper, Huawei, Nokia, Fortinet, Checkpoint, F5 – Znajomość narzędzi typu Wireshark – Certyfikaty: CCNA/CCNP, HCIA/HCIP lub pokrewne Umiejętności miękkie: – Samodzielność i ownership w realizacji zadań – Dobra komunikacja z zespołem i klientem – Umiejętność pracy w środowisku projektowym i operacyjnym – Nastawienie na rozwiązywanie problemów i dzielenie się wiedzą Zakres obowiązków: Administracja i utrzymanie sieci IP w środowiskach operatorskich (telco/ ISP/ enterprise) Diagnostyka i rozwiązywanie incydentów (L2/L3, IP/IPsec) Udział w projektach rozbudowy, migracji i skalowania sieci Współpraca z zespołami technicznymi oraz vendorami Analiza wpływu zmian konfiguracyjnych na działanie usług Obsługa zgłoszeń zgodnie z SLA (ServiceNow/ JIRA/ Remedy) Oferujemy: Elastyczne formy zatrudnienia – umowa o pracę/ B2B Hybrydowy system pracy Prywatną opiekę medyczną Kartę sportową/ dofinansowanie aktywności Ubezpieczenie na życie

Nasze wymagania: At least 5 years of experience working with multiple middleware technologies, including IBM WebSphere, WebLogic, Apache, nginx, or node.js. Proven expertise in middleware platform security and compliance. Minimum 2 years of experience leading a technical team. Solid understanding of CIS benchmarks and security best practices. Excellent stakeholder management and communication skills. Customer-centric consultancy approach and problem-solving mindset. Mile widziane: Certifications related to cybersecurity, middleware security, or relevant frameworks. O projekcie: As a Senior Middleware Platform Security Specialist, you will be working for our client, a global leader in cybersecurity within the financial services industry. You will help build and implement robust security measures for middleware platforms, ensuring bank's defenses adapt and evolve against a dynamic threat landscape. This is an exceptional opportunity to drive impactful cybersecurity initiatives and advance your career in a forward-thinking environment. Unleash security innovation — shape the future of middleware protection! Krakow-based opportunity with hybrid work model (up to 3 remote days/week). Only candidates with an existing legal right to work in the European Union will be considered for this role. Zakres obowiązków: Define and implement secure configuration baselines for middleware software such as IBM WebSphere, Oracle WebLogic, Apache, nginx, node.js, and more. Collaborate with technical experts to develop compliance checks and remediation guides. Support stakeholders across the organization to understand and meet security requirements. Develop strategies aligned with enterprise architecture and industry best practices to enhance middleware security posture. Lead vendor relationships and evaluate new security technologies. Monitor and report on the effectiveness of security controls with key metrics. Oferujemy: Stable and long-term cooperation with very good conditions Enhance your skills and develop your expertise in the financial industry Work on the most strategic projects available in the market Define your career roadmap and develop yourself in the best and fastest possible way by delivering strategic projects for different clients of ITDS over several years Participate in Social Events, training, and work in an international environment Access to attractive Medical Package Access to Multisport Program Access to Pluralsight Flexible hours

Nasze wymagania: Wykształcenie wyższe (Informatyka, Cybersecurity, IT, Business lub pokrewne). Doświadczenie na stanowisku Information Security Specialist, Application Owner, Application Manager lub podobnym w obszarze bezpieczeństwa IT. Doświadczenie w projektach Identity & Access Management (IAM) lub cyberbezpieczeństwa. Znajomość zarządzania dostępami użytkowników (Access Management). Znajomość bezpieczeństwa aplikacji (Application Security). Rozumienie procesów IT oraz funkcjonowania aplikacji biznesowych. Umiejętność analizy dokumentacji i procesów bezpieczeństwa. Bardzo dobre umiejętności komunikacyjne oraz pracy ze stakeholderami. Samodzielność oraz proaktywne podejście do pracy. Mile widziane: Doświadczenie w pracy w dużych środowiskach korporacyjnych. Znajomość systemów IAM lub RACF. Doświadczenie w prowadzeniu warsztatów z biznesem i zespołami technologicznymi. Znajomość procesów governance, risk & compliance w obszarze bezpieczeństwa IT O projekcie: Poszukujemy Expert Application Security Specialist, który dołączy do trwającego projektu z obszaru Identity & Access Management (IAM) realizowanego w ramach większego programu transformacyjnego. Osoba na tym stanowisku będzie odpowiedzialna za analizę bezpieczeństwa aplikacji oraz zarządzanie dostępami użytkowników, a także za współpracę z interesariuszami biznesowymi i technologicznymi w celu wdrożenia oraz optymalizacji nowych procesów IAM. Dołączysz do istniejącego zespołu projektowego, który zajmuje się komunikacją ze stakeholderami, analizą danych oraz wspieraniem procesu implementacji rozwiązań IAM. Zakres obowiązków: Współpraca z interesariuszami biznesowymi i IT w celu dopasowania celów projektu. Prowadzenie warsztatów i wywiadów z zespołami biznesowymi oraz technologicznymi. Zbieranie, analiza i weryfikacja dokumentacji projektowej. Zapewnienie jakości dokumentacji oraz identyfikacja brakujących informacji. Analiza zarządzania dostępami użytkowników (access management). Identyfikacja naruszeń bezpieczeństwa oraz niezgodności w dostępach. Współpraca z ekspertami Application Management oraz IAM / RACF. Proponowanie działań naprawczych oraz wspieranie procesu ich wdrażania. Moderowanie dyskusji dotyczących wymagań oraz priorytetów. Wsparcie w priorytetyzacji zadań oraz zarządzaniu zakresem projektu. Identyfikacja ryzyk projektowych oraz rekomendowanie działań minimalizujących.

Nasze wymagania: Bachelor’s degree in computer science, Information Technology, Engineering, or equivalent experience. Extensive experience in IT leadership roles, with deep expertise in Digital Workplace, endpoint management, or end-user computing environments at enterprise scale. Proven expertise in designing and leading enterprise-scale Digital Workplace platforms, including endpoint management for Windows, macOS, and mobile devices; Microsoft 365, VDI, and collaboration technologies). Demonstrated experience working with security, identity, compliance, and data privacy in a multinational context. Strong track record of leading cross-functional teams and managing complex technology transformation projects working in a large, multi-national enterprise. Fluent in English. Mile widziane: Additional European languages are a plus. Working in a regulated industry (e.g., life sciences, healthcare, manufacturing) with complex compliance requirements. O projekcie: Director, Endpoint Management & Experience (f/m/d) is responsible for the strategy, governance, and performance of the enterprise end-user device environment. This role ensures a secure, standardized, and high-quality endpoint experience across the organization by leading lifecycle management, platform standards, and operational excellence for all user devices. Partnering closely with Infrastructure, Security, and Managed Service Providers, the Director drives consistency, scalability, and continuous improvement of endpoint services to enhance employee productivity and support enterprise transformation. This role owns the end-to-end endpoint ecosystem, including device lifecycle, configuration standards, security compliance, and user experience while collaborating with Digital Workplace and Infrastructure teams that manage adjacent technologies and services. This position reports to the Senior Director, Enterprise IT Service Operations, and is part of the Infrastructure & Operations organization. Zakres obowiązków: Team Leadership & Capability Maturity: Build, coach, and develop the Digital Workplace team, establishing a community of practice, clear roles and operating disciplines. Drive maturity across architecture, engineering, and service ownership to enable consistent and scalable adoption across our Enterprise. Architecture & Standards: Define and maintain the Digital Workplace reference architecture, including device baselines, enrollment and onboarding methods, Operating system strategies, and virtualization models. Establish Enterprise Standards and guardrails, while enabling appropriate flexibility to support Enterprise needs. Security, Identity & Compliance: Accountable for Digital Workplace security standards across devices, their identities, and access controls, in alignment with Danaher’s security policies and regulatory requirements. Partner closely with Security Operations and Risk teams to ensure endpoint posture, monitoring, incident response, and remediation follow standardized processes and playbooks. Governance & Operations: Establish and enforce a governance framework for Digital Workplace as a Shared Enterprise Capability. Define service ownership, operating standards, and integration with ITSM processes, including lifecycle management, exception handling, and continuous improvement mechanisms. Transformation & Modernization Delivery: Lead Digital Workplace modernization initiatives, including transition to cloud-native device management, operating system readiness, and virtual desktop solutions. Sequence Enterprise deployments in alignment with enterprise programs, approved scope, and capacity assumptions. Continuous Improvement: Monitor platform and vendor roadmaps, driving adoption of high-value capabilities using outcome-based metrics. Continuously improve Digital Workplace security posture, associate experience, and operational efficiency through data-driven decision-making and Kaizen principles.

Sofia Stars Sofia Stars is a fast-growing global service provider that guides high-growth businesses to success. Our range of tailored solutions includes R&D, Customer Support, Sales, KYC, Risk, and Anti-Fraud services. We make every connection shine with fresh tech and cultural understanding. We are seeking a DevSecOps Team Lead to join our team. Office presence is required. Role Mission: Lead and scale the DevSecOps function by embedding security into CI/CD pipelines, cloud platforms, and Kubernetes environments — enabling engineering teams to deliver secure, compliant, and high-velocity releases. Key Responsibilities: - Define the DevSecOps strategy, roadmap, and operating model across the organization. - Build, mentor, and lead a high-performing DevSecOps team. - Integrate security into CI/CD pipelines (SAST, DAST, SCA, IaC scanning, secrets scanning). - Own security for Kubernetes (EKS), Istio, and Service Mesh environments. - Implement and maintain policy-as-code using OPA and admission controllers. - Secure infrastructure-as-code using Terraform, Ansible, Helm, and related tooling. - Drive cloud security across AWS and GCP environments. - Partner with DevOps teams to provide secure platform architectures, training, and operational support. - Implement and maintain SIEM, logging, and security monitoring (ELK, Splunk). - Oversee secrets management, Vault, and privileged access controls. - Lead automation of security workflows, access control, and compliance processes. - Ensure alignment with SSDLC (OWASP SAMM v2) and security governance standards.

Nasze wymagania: In-depth understanding of data privacy laws (e.g., GDPR, CCPA). Experience in data governance, privacy risk management, or related roles. Strong ability to manage multiple stakeholders and understand both technology and business concepts. Excellent interpersonal, analytical, and communication skills. Ability to identify and mitigate data risks, prioritize responses, and explain complex issues clearly. Strong organizational skills with the ability to work under pressure and manage changing priorities. Proven track record of taking ownership and working independently. Excellent verbal and written English communication skills. O projekcie: Are you passionate about data privacy, governance, and ensuring compliance with global regulations? We are looking for a Data Privacy Reviewer to join our Data Privacy Management team and play a key role in managing operational processes, guiding stakeholders, and driving adherence to global data management policies. Sounds like your kind of challenge? Hybrid working model – 2 days a week in the Kraków office Zakres obowiązków: Guide business users across multiple markets and functions in using the DataVisa tool, ensuring accurate case input to meet compliance controls. Perform privacy assessments of operational processes, identifying and mitigating risks through effective tools, training, and guidance. Collaborate with project managers to ensure data privacy initiatives are understood and implemented in programs. Act as a subject matter expert on global data privacy and protection laws, working closely with Legal and Compliance teams. Develop, manage, and maintain data standards, policies, and methodologies in line with global data privacy policies. Create and deliver guidance, training, and educational materials to increase awareness of data privacy requirements. Identify areas for improvement in local practices related to data privacy management. Support the development and delivery of data privacy and protection controls to ensure compliant use of data across global business requirements. Stay up to date with evolving legislation, conduct gap analyses, and help build remedial work programs. Work with stakeholders to plan future data privacy needs and ensure alignment with global scope. Note: Detailed project information will be shared during the recruitment process. Oferujemy: Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.) Hybrid work setup – remote days available depending on the client’s arrangements Collaborative team culture – work alongside experienced professionals eager to share knowledge Continuous development – access to training platforms and growth opportunities Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more High quality equipment – laptop and essential software provided

Cybersecurity Researcher (Threat Analysis and Detection Engineering) Acronis is revolutionizing cyber protection—providing natively integrated, all-in-one solutions that monitor, control, and protect the data that businesses and lives depend on. We are looking for a Cybersecurity Researcher to join our mission to create a #CyberFit future and protect all data, applications and systems across any environment. As Cybersecurity Researcher you will be part of the global Threat Research Unit, fighting against modern cyber threats and cybercriminals by dissecting complex campaigns, reverse engineering malicious content, and creating detection logic for Acronis products. As an expert in cyber threats, you will participate in the development of new threat detection technologies, including various automation and machine learning methods. WHAT YOU'LL DO - Participate in design and implementation of detection capabilities of Acronis Security and EDR products. - Analyse clean and malicious content: executables, scripts, various document formats, websites, memory dumps, vulnerabilities. - Develop, support, and fine-tune threat detection logic and signatures. - Conduct online research of the latest cyber threats and ensure those can be detected by existing in-house technologies. - Contribute to sharing research results in blog posts and articles. - Monitor automated detection pipelines to ensure high detection accuracy. - Support scan engine and product development by participating in joint research projects. WHO WE ARE A Swiss company founded in Singapore in 2003, Acronis offers over twenty years of innovation with 15 offices worldwide and more than 1800 employees in 50+ countries. Acronis Cyber Protect is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses. Our corporate culture is focused on making a positive impact on the lives of each employee and the communities we serve. Mutual trust, respect and belief that we can contribute to the world everyday are the cornerstones of our team. Each member of our “A-Team” plays an instrumental role in driving the success of our innovative and expanding business. We seek individuals who excel in dynamic, global environments and have a never give up attitude, contributing to our collective growth and impact.

Nasze wymagania: Minimum 4 years of experience in application security or a similar role related to software/ cloud architecture Strong background in web application security Expertise in cloud security, with a focus on AWS Solid understanding of general cybersecurity architecture Excellent command of spoken and written English for international collaboration Proven ability to work in hybrid models and engage effectively with cross‑functional teams Residing in Poland required O projekcie: We are seeking an experienced Cybersecurity Engineer to join our client in the banking industry. This role involves shaping secure solution architectures, influencing development teams, and ensuring that robust security practices are embedded across the organization. You will work in an international environment, collaborating closely with global stakeholders. Zakres obowiązków: Conduct cybersecurity design assessments, including for AI and machine learning solutions, by reviewing, validating, and challenging architectures proposed by development teams Provide expert guidance on secure system design and implementation, particularly for web applications and AWS-based environments Develop, document, and advocate for effective security patterns across the organization Support development teams in implementing security best practices within their solutions Lead Read-out Calls with business stakeholders to explain identified risks and recommend mitigation approaches Analyse penetration test results and code review findings, advising teams on resolving security issues while also mentoring junior colleagues Oferujemy: Great Place to Work since 2015 - it’s thanks to feedback from our workers that we get this special title and constantly implement new ideas Employment stability - revenue of PLN 2.1BN, no debts, since 2006 on the market We share the profit with Workers - over PLN 76M has already been allocated for this aim since 2022 Attractive benefits package - private healthcare, benefits cafeteria platform, car discounts and more Comfortable workplace – class A offices or remote work Dozens of fascinating projects for prestigious brands from all over the world – you can change them thanks to Job Changer application PLN 1 000 000 per year for your ideas - with this amount, we support the passions and voluntary actions of our workers Investment in your growth – meetups, webinars, training platform and technology blog – you choose Fantastic atmosphere created by all Sii Power People