Application Security Consultant
Link Group
⚲ Remote
25 200 - 33 600 PLN (B2B)
Requirements
- DevOps
- Programming skills
- Java
- .NET
- AWS
- Azure
- Docker
- Kubernetes
- CI/CD Pipelines
- IaC
- Terraform
- Ansible
- Puppet
- Chef
- Git
- DevSecOps
- SAST
- DAST
- SCA
- CNAPP
- SDLC
- Communication skills
- SSDLC (nice to have)
- ISO 27001 (nice to have)
- NIST (nice to have)
- CIS (nice to have)
- OWASP (nice to have)
- SOC2 (nice to have)
- GDPR (nice to have)
- SAP (nice to have)
- Salesforce (nice to have)
- Databricks (nice to have)
- Snowflake (nice to have)
- PKI (nice to have)
- Vault (nice to have)
Job description
About the project:
For our international client, we are looking for an Application Security Consultant who will play a key role in building a secure Software Development Life Cycle (SDLC) framework, with a strong focus on Application Security (SAS) across enterprise platforms. This role is part of a strategic initiative aimed at securing source code and standardizing how application security is designed, implemented, and governed. The work will start with assessing the current state of platforms and development practices, and based on that, defining and rolling out SDLC standards, controls, and best practices across the organization.
This is an international environment where a new SDLC framework with embedded Application Security (SAS) is being built from the ground up and rolled out across key platforms. The team is responsible for assessing current maturity, defining security standards, and implementing a consistent approach to secure development. You’ll have a direct impact on shaping how application security is integrated into development processes and how standards are adopted across engineering teams.
Requirements:
- 3+ years of experience in software development, DevOps, or platform engineering
- Strong programming skills in at least one object-oriented language (e.g. Java, .NET)
- Experience working with AWS and/or Azure environments
- Hands-on experience with Docker and Kubernetes
- Solid understanding of CI/CD pipelines and automated deployments
- Experience with Infrastructure as Code and configuration management tools (e.g. Terraform, Ansible, Puppet, Chef)
- Good knowledge of Git and application lifecycle management practices
- Experience with application security and DevSecOps tooling (e.g. SAST, DAST, SCA, CNAPP)
- Understanding of secure development practices within SDLC
- Very good English communication skills (C1 level or equivalent)
Nice to have:
- Experience in building or improving SDLC / SSDLC frameworks in large organizations
- Background in conducting security assessments and defining standards based on their results
- Knowledge of security frameworks and standards (e.g. ISO 27001, NIST, CIS, OWASP, SOC2, GDPR)
- Experience working with large enterprise platforms (e.g. SAP, Salesforce, Databricks, Snowflake)
- Knowledge of encryption and cryptography (e.g. PKI, Vault, certificates)
- Experience mentoring teams in secure coding and DevSecOps practices
Daily tasks:
- Functional Support: Manage end-user requests, incident qualification, and regular communication for investment banking platforms.
- Production Management: Provide L2 technical support, handle deployments (Staging/Prod), and manage system monitoring and security.
- Infrastructure Coordination: Work with infra teams on DRP, environment building, and obsolescence management.
- Continuous Improvement: Implement DevOps practices, automate tasks via scripting, and maintain quality reporting (KPIs).