My client is a leading live-streaming platform with over 450 million registered users worldwide, operating in a rapidly growing industry projected to reach $240 billion in the coming years. Founded in 2018, the company now has over 500 employees globally and is driven by a culture of growth, innovation, and success.

We are seeking an experienced Application Security Engineer to strengthen the security of web, mobile, and cloud-based applications, while working closely with cross-functional engineering teams. This role is on-site and offers the opportunity to make a real impact in securing one of the most popular global live-streaming platforms.

Location: Warsaw, on-site

Key Responsibilities

• Perform security testing for Web, Mobile (iOS/Android), and API applications.
• Conduct vulnerability assessments on cloud infrastructure (preferably GCP).
• Lead the implementation and improvement of Secure SDLC practices.
• Build and maintain security automation pipelines (SAST, DAST, secret scanners, dependency checkers, quality gates).
• Partner with Developers, QA, DevOps, and Product teams to resolve vulnerabilities and enhance secure coding practices.
• Develop and maintain internal tools for security testing and automation (Python preferred).
• Support compliance initiatives (e.g., PCI DSS) and contribute to internal audits.
• Maintain security documentation, knowledge bases, and training materials.

Requirements

• 5+ years of experience in Application Security (offensive and defensive).
• Strong knowledge of Secure SDLC, CI/CD security integration, and OWASP Top 10.
• Experience with security testing for streaming-related applications.
• Hands-on experience with tools such as:
• SAST: SonarQube, Black Duck, Defect Dojo
• DAST: Burp Suite
• Other: MobSF
• Ability to automate tests and exploits in Python.
• Relevant security certifications (e.g., CEH, Burp Suite Certified Practitioner).
• Familiarity with cloud security (GCP/AWS).
• Strong background in mobile application security (iOS & Android).
• Exposure to penetration testing tools (Metasploit, sqlmap, THC-Hydra, hashcat).

Nice to Have

• Degree in Cybersecurity, Information Security, or related field.
• Experience with advanced tools (Nuclei, QARK, jwt_tool, Frida, mitmproxy, apktool).
• Experience with bug bounty or responsible disclosure programs.
• Certifications such as HTB Certified Bug Bounty Hunter, CAP.

What’s on Offer

• Competitive salary with stock options.
• On-site role in a dynamic, international environment.
• Private medical insurance (covering you and 75% for relatives).
• Free daily lunches.
• Parking and Multisport card.
• Team-building events and a fun, supportive workplace culture.