My client is a leading live-streaming platform with over 450 million registered users worldwide, operating in a rapidly growing industry projected to reach $240 billion in the coming years. Founded in 2018, the company now has over 500 employees globally and is driven by a culture of growth, innovation, and success.
We are seeking an experienced Application Security Engineer to strengthen the security of web, mobile, and cloud-based applications, while working closely with cross-functional engineering teams. This role is on-site and offers the opportunity to make a real impact in securing one of the most popular global live-streaming platforms.
Location: Warsaw, on-site
Key Responsibilities
- Perform security testing for Web, Mobile (iOS/Android), and API applications.
- Conduct vulnerability assessments on cloud infrastructure (preferably GCP).
- Lead the implementation and improvement of Secure SDLC practices.
- Build and maintain security automation pipelines (SAST, DAST, secret scanners, dependency checkers, quality gates).
- Partner with Developers, QA, DevOps, and Product teams to resolve vulnerabilities and enhance secure coding practices.
- Develop and maintain internal tools for security testing and automation (Python preferred).
- Support compliance initiatives (e.g., PCI DSS) and contribute to internal audits.
- Maintain security documentation, knowledge bases, and training materials.
Requirements
- 5+ years of experience in Application Security (offensive and defensive).
- Strong knowledge of Secure SDLC, CI/CD security integration, and OWASP Top 10.
- Experience with security testing for streaming-related applications.
- Hands-on experience with tools such as:
  - SAST: SonarQube, Black Duck, Defect Dojo
  - DAST: Burp Suite
  - Other: MobSF
- Ability to automate tests and exploits in Python.
- Relevant security certifications (e.g., CEH, Burp Suite Certified Practitioner).
- Familiarity with cloud security (GCP/AWS).
- Strong background in mobile application security (iOS & Android).
- Exposure to penetration testing tools (Metasploit, sqlmap, THC-Hydra, hashcat).
Nice to Have
- Degree in Cybersecurity, Information Security, or related field.
- Experience with advanced tools (Nuclei, QARK, jwt_tool, Frida, mitmproxy, apktool).
- Experience with bug bounty or responsible disclosure programs.
- Certifications such as HTB Certified Bug Bounty Hunter, CAP.
What’s on Offer
- Competitive salary with stock options.
- On-site role in a dynamic, international environment.
- Private medical insurance (covering you and 75% for relatives).
- Free daily lunches.
- Parking and Multisport card.
- Team-building events and a fun, supportive workplace culture.