Security Engineer

• Position: Security Engineer – Vulnerability Management • Salary: up to 17 000 PLN gross/month, COE (UoP) • Working mode: Hybrid / Remote Our client is a global technology company providing a cloud-based platform that helps organizations manage large volumes of data and complex workflows. Their product is widely used by enterprise clients across various industries. The company operates in a modern cloud environment and places strong emphasis on security, scalability, and reliability. Security teams work closely with engineering to proactively identify and mitigate risks. The organization promotes a collaborative culture and continuous improvement. Role summary As a Security Engineer focused on Vulnerability Management, you will be responsible for identifying, assessing, and driving remediation of vulnerabilities across the organization’s systems and applications. Responsibilities: • Support the Vulnerability Management program by contributing to scalable processes and enabling the adoption of security services. • Assist in developing and maintaining automation and reusable tooling to improve efficiency across the program. • Maintain and optimize vulnerability scanning tools by performing updates, resolving issues, monitoring performance, and coordinating with vendors to ensure reliable and accurate risk data. • Implement and direct Vulnerability Management processes. Oversee the entire vulnerability management lifecycle: Discovery, Prioritization, Assessment, Reporting, Remediation, and Verification. • Assist in improving configuration management practices by identifying misconfigurations, contributing to standards, and supporting efforts that enhance efficiency, effectiveness, and compliance. • Actively swarm on high‑urgency vulnerability response events by rapidly triaging findings, determining impact radius, coordinating with responsible teams, and driving swift remediation to reduce risk as quickly as possible. • Contribute to team objectives aimed at reducing overall risk and identifying new areas of exposure. • Collaborate with internal teams to validate and remediate findings from vulnerability scans, third-party assessments, and the Bug Bounty Program. • Improve configuration management practices to enhance efficiency, effectiveness, and compliance. • Perform threat modeling to assess the severity of a vulnerability. • Participate in sessions and events to enhance the skills and expertise of the team, fostering a culture of continuous learning and improvement. • Enhance risk visibility by reporting on relevant metrics. Minimum qualifications:  • Familiarity with common software vulnerabilities (ex: OWASP Top 10) and their remediations. • Bachelor’s degree in Computer Science, Cybersecurity, or related field OR equivalent experience. • Experience with cloud platforms (e.g., Azure, AWS) and containerization technologies. • Excellent verbal and written communication skills, with the ability to articulate complex security concepts to both technical and non-technical stakeholders. • Strong analytical and problem-solving skills, with a proactive approach to identifying and addressing security challenges. Preferred qualifications: • 1 year of experience on a security team. • Knowledge of professional software engineering practices & software development life cycle (SDLC), including coding standards, code reviews, source control management, build processes, testing, and operations. • Experience with modern vulnerability scanning tools. • Experience deploying Infrastructure as Code using Pulumi. • Proficiency in at least 1 modern Object-Oriented Programming (OOP) language, preferably .NET. • Experience working in a SaaS environment operating on a global scale. • Experience in the legal space. • Experience working with container vulnerability scanning tools. • Experience working with Azure. • Experience working with FedRAMP. Benefit Highlights: • Comprehensive health, dental, and vision plans • Parental leave for primary and secondary caregivers • Flexible work arrangements • Two, week-long company breaks per year • Additional time off • Long-term incentive program • Training investment program