Company Description
Work smart, have fun and make an impact!
EcoVadis is the leading provider of business sustainability ratings. Our solutions are backed by an international team of experts and powerful technology. We analyze data and build sustainability scorecards that give companies actionable insights into their environmental, social and ethical risks.
Why apply to EcoVadis? Be a part of the global sustainability change in business. Grow your career. Work with extraordinary people. Feel valued for your contribution.
Learn more about our team and culture on the EcoVadis careers page.
Job Description
Role Overview
As an Application Security Specialist, you will play a critical role in ensuring that our software products (including web and mobile applications) are designed, built, and deployed with security as a core principle. You will bridge the gap between Security and Development, acting as a subject matter expert who empowers engineering teams to deliver high-quality, secure, and robust code.
In this role, you will specifically focus on the intersection of Application Security and Artificial Intelligence. Your mission is to integrate security into the entire Software Development Life Cycle (SDLC) while addressing the unique challenges of AI-driven applications. Additionally, you will be responsible for conducting and coordinating penetration testing activities and performing high-level monitoring of application resilience.
Key Responsibilities
Secure SDLC & AI Integration: Design, implement, and maintain security gates within CI/CD pipelines. Explore and deploy AI-powered security tools to enhance vulnerability detection and automate triage.
Penetration Testing & Assessments: Conduct regular internal penetration tests on web, mobile, and AI-based applications. Coordinate with external security firms for third-party audits and manage the end-to-end remediation process.
Securing AI/ML Solutions: Conduct security reviews and threat modeling specifically for AI-driven features, addressing risks such as Prompt Injection, Training Data Poisoning, and Insecure Output Handling.
Threat Modeling: Lead threat modeling sessions with architects and developers to identify potential attack vectors in traditional applications and LLM-based architectures.
Vulnerability Management: Perform regular security assessments, triage findings from automated tools and pentests, and coordinate with engineering teams to prioritize remediation.
AI Security Governance: Establish guidelines and best practices for the secure use of AI coding assistants and third-party AI APIs within the organization.
Security Code Reviews: Conduct manual and automated deep-dive code reviews, ensuring that code (including AI-generated segments) meets our security standards.
Consultancy & Training: Act as a security consultant for product teams, providing guidance on OWASP Top 10, OWASP Top 10 for LLM, and secure coding standards.
Application Resilience Support: Periodically monitor high-level availability and performance dashboards to maintain oversight of system stability and support long-term capacity planning.
Qualifications
Required Qualifications
Experience: 3+ years of professional experience in Application Security, Penetration Testing, or Secure Software Development.
Cloud & SaaS Knowledge: Practical experience with Azure cloud solutions and securing SaaS platforms.
AI Security Knowledge: Familiarity with the OWASP Top 10 for LLM Applications and common risks associated with Generative AI and Machine Learning models.
Technical Knowledge: Understanding of common web and mobile application vulnerabilities (e.g., OWASP Top 10, SANS Top 25) and how to remediate them using industry-standard methodologies (e.g., OWASP WSTG).
Tooling: Hands-on experience with application security tools.
DevSecOps: Experience integrating security checks into CI/CD pipelines (e.g., Azure DevOps).
Education: Bachelor’s or Master’s degree in Computer Science, Cyber Security, or a related technical field.
Communication: Excellent communication, facilitation, and negotiation skills, with the ability to explain complex security, AI, and pentesting risks to various stakeholders.
Language: Fluency in English (written and verbal).
Additional Qualifications
Certifications: Professional certifications such as OSCP, OSWE, or specific cloud/AI security credentials.
Application Resilience: Basic understanding of application performance monitoring (APM) and observability concepts.
AI/ML Security Frameworks: Experience with frameworks such as MITRE ATLAS or NIST AI RMF.
Contingency Planning: Experience contributing to Business Continuity (BCP) or Disaster Recovery (DR) strategies.
Cloud & Container Security: Experience securing applications in Azure, AWS, or GCP and knowledge of Kubernetes.
Personal Attributes
Proactivity & Autonomy: High level of proactivity and autonomy in managing security initiatives.
Organization: Strong planning, prioritization, and organizational skills.
Collaborative Spirit: Comfortable challenging assumptions and existing processes while remaining highly collaborative.
Note: This job description is intended to provide a general overview of the position. It is not intended to be an exhaustive list of duties and responsibilities.
Additional Information
In return for your expertise, we offer:
Support with all the necessary office and IT equipment
Flexible working hours
Wellness allowance for mental and physical wellbeing
Access to professional mental health support
Referral bonus policy
Learning and development
Sustainability events and community involvement
Peer recognition program
Employee-led resource groups
Optional (fully covered or co-financed) health care and life insurance
Multisport card
Multikafeteria
Lunch card
Hybrid work organization
Remote work from abroad policy
Internet and electricity bill allowance
Additional day for community service when volunteering
Our hiring team looks forward to reviewing your CV, in English, with a guaranteed response to every application. A new job with purpose awaits you!
Don’t fit all the criteria but still think you’d be a good candidate? Please apply anyway to give our hiring team the opportunity to assess your skills and to learn more about what you could bring to EcoVadis. We’re interested in hiring capable people, regardless of professional and educational background.
Can the hiring process be adjusted to suit my needs? Yes. We want everyone going through the hiring process with EcoVadis to feel confident that you are able to demonstrate your full potential. We welcome applications from disabled people, people with long-term health conditions, and neurodiverse candidates. If you need any adjustments, including the provision of interview questions, please let the hiring team know.
Our team’s strength comes from everyone’s uniqueness and is founded upon mutual respect. EcoVadis commits to equity, inclusion and reducing bias in our hiring processes. EcoVadis does not accept any form of discrimination based on color, national or ethnic origin, ancestry, citizenship, religion, beliefs, age, sex, gender identity, sexual orientation, neurodiversity, disability, parental status, or any other protected characteristic that makes you unique. In your application, we encourage you to remove personal information such as: photographs, marital status, number of children, religion, gender, residential postal code, university graduation date, past medical or parental leave(s) taken, nationality (instead, please state if you are legally eligible to work in the job region/country), university name (instead, please state any degrees obtained and the study major).