June 8, 2026
Application Security Consultant
Mid • Hybrid
150 - 200 PLN
Warsaw, Poland
We are looking for:
For our international client, we are looking for an Application Security Consultant who will play a key role in building a secure Software Development Life Cycle (SDLC) framework, with a strong focus on Application Security (SAS) across enterprise platforms.
This role is part of a strategic initiative aimed at securing source code and standardizing how application security is designed, implemented, and governed. The work will start with assessing the current state of platforms and development practices, and based on that, defining and rolling out SDLC standards, controls, and best practices across the organization.
Apply if you have:
3+ years of experience in software development, DevOps, or platform engineering
Strong programming skills in at least one object-oriented language (e.g. Java, .NET)
Experience working with AWS and/or Azure environments
Hands-on experience with Docker and Kubernetes
Solid understanding of CI/CD pipelines and automated deployments
Experience with Infrastructure as Code and configuration management tools (e.g. Terraform, Ansible, Puppet, Chef)
Good knowledge of Git and application lifecycle management practices
Experience with application security and DevSecOps tooling (e.g. SAST, DAST, SCA, CNAPP)
Understanding of secure development practices within SDLC
Very good English communication skills (C1 level or equivalent)
Nice to have:
Experience in building or improving SDLC / SSDLC frameworks in large organizations
Background in conducting security assessments and defining standards based on their results
Knowledge of security frameworks and standards (e.g. ISO 27001, NIST, CIS, OWASP, SOC2, GDPR)
Experience working with large enterprise platforms (e.g. SAP, Salesforce, Databricks, Snowflake)
Knowledge of encryption and cryptography (e.g. PKI, Vault, certificates)
Experience mentoring teams in secure coding and DevSecOps practices
You'll be joining:
An international environment where a new SDLC framework with embedded Application Security (SAS) is being built from the ground up and rolled out across key platforms.
The team is responsible for assessing current maturity, defining security standards, and implementing a consistent approach to secure development. You’ll have a direct impact on shaping how application security is integrated into development processes and how standards are adopted across engineering teams.
Similar jobs you might like
Technology
LUX MED Sp. z o. o.
Inżynier/Inżynierka ds. Bezpieczeństwa Systemów IT
Senior
Hybrid
Warsaw, Poland
🏢 Summary: Role focused on building and integrating secure SDLC processes across the organization, combining application security, DevSecOps, monitoring, and compliance standards such as OWASP and NIS2. Responsibilities include implementing security tools in CI/CD, vulnerability management, threat modeling, and supporting development teams with secure coding practices. 🗂️ Requirements: Minimum 4 years experience in Application Security, DevSecOps, or Security Engineering, Minimum 3 years programming experience, Practical knowledge of OWASP, Experience integrating security into SDLC and CI/CD, Experience with SAST tools, Experience with DAST tools, Experience with AKS and Kubernetes security, Knowledge of NIS2 and ISO 27001, Experience with SIEM, ELK, Grafana, or Sentinel, Knowledge of threat modeling methodologies, Ability to work with development teams, Understanding of software development lifecycle 📃 Skills: OWASP, NIS2, ISO27001, SAST, DAST, SCA, Checkmarx, SonarQube, GitHub, OWASPZAP, Burp, AKS, Kubernetes, SIEM, ELK, Grafana, Sentinel, STRIDE, CI/CD, SDLC 🏢 Description: O projekcie Tworzymy zespół, który odpowiada za bezpieczeństwo w całym cyklu życia aplikacji – od designu, przez development, aż po monitoring i reakcję. Szukamy osoby, która będzie łączyć świat inżynierii oprogramowania, bezpieczeństwa aplikacyjnego i monitoringu, a także aktywnie kształtować standardy zgodne z OWASP i NIS2. Twoją rolą będzie - Projektowanie i wdrażanie secure SDLC w całej organizacji - Integracja narzędzi bezpieczeństwa w pipeline’ach (SAST, DAST, SCA, secrets, IaC scanning) - Definiowanie i wdrażanie security gates w CI/CD - Wdrażanie standardów zgodnych z OWASP (Top 10, ASVS, SAMM) - Mapowanie i implementacja wymagań NIS2 w procesach IT i SDLC - Współpraca z zespołem Monitoring & Observability nad integracją danych bezpieczeństwa - Analiza podatności, wsparcie zespołów w ich usuwaniu (vulnerability management) w sposób automatyczny - Udział w projektowaniu architektury (threat modeling, secure design reviews) - Wsparcie zespołów developerskich w zakresie secure coding Oczekiwania wobec Ciebie - Min. 4 lata doświadczenia w obszarze Application Security / DevSecOps / Security Engineering - Min. 3 lata doświadczenia w programowaniu i dobre zrozumienie cyklu rozwoju oprogramowania - Praktyczna znajomość OWASP - Doświadczenie w budowie lub integracji security w SDLC / CI/CD - Znajomość narzędzi klasy: SAST (np. Checkmarx, SonarQube, GitHub Advanced Security) - Znajomość narzędzi klasy: DAST (np. OWASP ZAP, Burp) - Doświadczenie z AKS / K8s security - Rozumienie standardów i regulacji (NIS2, ISO 27001, best practices) - Doświadczenie z monitoringiem i analizą logów (SIEM, ELK, Grafana, Sentinel) - Znajomość threat modeling (STRIDE lub podobne) - Umiejętność pracy z zespołami developerskimi i przekładania security na praktykę - Myślenie systemowe – patrzenie na bezpieczeństwo jako część całego platform & SDLC Benefity - dofinansowanie zajęć sportowych - prywatna opieka medyczna - dofinansowanie nauki języków - dofinansowanie szkoleń i kursów - ubezpieczenie na życie - możliwość pracy zdalnej - parking dla pracowników - program rekomendacji pracowników - ubezpieczenie szpitalne - program wellbeingowy
Technology
TQLO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
Senior DevSecOps Engineer (Embedded / CRA)
Senior
Remote
Warsaw, Poland
150 - 190 PLN
🏢 Summary: Long-term remote role for a Senior DevSecOps Engineer focused on designing and scaling security processes in large-scale, distributed and embedded environments aligned with Cyber Resilience Act requirements. The position involves building secure CI/CD pipelines, integrating security tools, and ensuring compliance, traceability, and vulnerability management across multiple repositories. The role combines DevOps, application security, and embedded systems expertise with real impact on product architecture and security standards. 🗂️ Requirements: Experience as DevOps Engineer or DevSecOps Engineer in production environments, Strong knowledge of CI/CD and software development lifecycle, Hands-on experience with SAST and SCA tools, Experience in vulnerability management, Experience with GitHub, GitLab, GitHub Actions and AWS, Experience with C/C++ or embedded systems, Experience working with multiple repositories and legacy codebases, English proficiency minimum B2 📃 Skills: DevOps, DevSecOps, CI/CD, SAST, SCA, AWS, GitHub, GitLab, C, C++, Embedded, CMake, Make, SBOM, Security, Veracode, CodeSonar 🏢 Description: Nasz Klient to międzynarodowa organizacja technologiczna rozwijająca zaawansowane produkty software’owe o dużej skali i długim cyklu życia. Projekt koncentruje się na dostosowaniu środowiska wytwarzania oprogramowania do wymagań Cyber Resilience Act (CRA) oraz wdrażaniu standardów bezpieczeństwa w rozproszonych, złożonych systemach. Szukamy doświadczonej osoby na stanowisko Senior DevSecOps Engineer , która będzie odpowiedzialna za projektowanie i skalowanie rozwiązań bezpieczeństwa w środowisku DevOps i embedded. TRYB PRACY: 100% zdalnie CZYM BĘDZIESZ SIĘ ZAJMOWAĆ? Projektowaniem i wdrażaniem skalowalnych procesów bezpieczeństwa ( SAST, SCA ) w środowiskach z dużą liczbą repozytoriów i zespołów Budowaniem oraz rozwijaniem pipeline’ów CI/CD z uwzględnieniem security oraz integracją z narzędziami takimi jak GitHub, GitLab, GitHub Actions i AWS Tworzeniem i utrzymywaniem SBOM oraz wspieraniem procesów zarządzania podatnościami i wyjątkami (waivers) Integracją narzędzi bezpieczeństwa z różnorodnymi systemami buildowymi ( CMake, Make , rozwiązania customowe) w środowiskach legacy i embedded Zapewnieniem traceability oraz wsparcia dla wymagań audytowych wynikających z regulacji CRA Współpracą z zespołami developerskimi przy wdrażaniu standardów bezpieczeństwa i budowaniu świadomości security CZEGO OD CIEBIE OCZEKUJEMY? Doświadczenie w roli DevOps Engineer lub DevSecOps Engineer w środowiskach produkcyjnych Bardzo dobra znajomość CI/CD oraz cyklu życia oprogramowania Praktyczne doświadczenie w obszarze bezpieczeństwa aplikacji ( SAST, SCA , vulnerability management) Doświadczenie w pracy z narzędziami: GitHub, GitLab, GitHub Actions, AWS Doświadczenie w pracy z systemami opartymi o C/C++ lub środowiskami embedded Umiejętność pracy w środowisku z wieloma repozytoriami oraz kodem legacy Bardzo dobra znajomość języka angielskiego (min. B2 ) Nice to have: Doświadczenie z narzędziami security typu Veracode, CodeSonar Znajomość wymagań regulacyjnych (np. Cyber Resilience Act ) Doświadczenie w integracji narzędzi w heterogenicznych środowiskach buildowych Umiejętność projektowania rozwiązań end-to-end i wpływania na decyzje architektoniczne DLACZEGO WARTO? Długoterminowy projekt o dużej skali i realnym wpływie na bezpieczeństwo produktów Praca 100% zdalna z elastycznym podejściem do organizacji pracy Możliwość pracy na styku DevOps, security i systemów embedded Realny wpływ na architekturę i kierunek rozwoju rozwiązań Współpraca w międzynarodowym środowisku i kontakt z różnymi zespołami produktowymi Dziękujemy za wszystkie zgłoszenia! Skontaktujemy się z wybranymi osobami.
Technology
Cyclad
Application Consultant (Java/Guidewire)
Senior
Remote
Warsaw, Poland
145 - 160 PLN/hr
🏢 Summary: Remote B2B role for an Application Consultant responsible for designing, developing, and maintaining high-performance, scalable insurance/financial systems using Guidewire and Java. The position involves building cloud-native microservices, contributing to architecture decisions, and implementing CI/CD and automated testing within a modern DevOps environment. 🗂️ Requirements: Minimum 4+ years of commercial experience as Guidewire or Java Developer, At least 3+ years of hands-on experience with Guidewire (PolicyCenter or BillingCenter), Strong knowledge of Gosu and SQL, Experience with CI/CD pipelines and tools such as Git, Maven, Jenkins, or GitHub Actions, Strong understanding of OOP, functional programming, concurrency, and design patterns, Experience with Docker, Kubernetes, Helm, and Linux, Experience with event-driven architectures, Kafka, REST APIs, and distributed systems 📃 Skills: Java, Guidewire, PolicyCenter, BillingCenter, Gosu, SQL, Git, Maven, Jenkins, GitHub, Docker, Kubernetes, Helm, Linux, Kafka, REST, CI/CD 🏢 Description: In Cyclad we work with top international IT companies in order to boost their potential in delivering outstanding, cutting edge technologies that shape the world of the future. Currently, for our client, we are looking for a skilled Application Consultant to join a dynamic development team. In this role, you will contribute to both the development of new products and the maintenance of existing systems. Your responsibilities will include software design, implementation, testing, and ongoing support, with a strong focus on high-performance and scalable solutions. Project information: Budget: up to 160 PLN net/h (B2B) Work model: 100% remotely Type of employment: B2B contract Industry: insurance / financial services Key Responsibilities: Design, develop, and maintain software systems within a modern development environment Collaborate with cross-functional teams to deliver high-quality solutions Contribute to system architecture and technical design decisions Implement and maintain CI/CD pipelines and automated testing frameworks Build and optimize cloud-native, containerized applications Develop and integrate microservices and distributed systems Ensure performance, scalability, and reliability of applications Requirements: Minimum 4+ years of commercial experience as a Guidewire or Java Developer At least 3+ years of hands-on experience with Guidewire (PolicyCenter or BillingCenter) Strong knowledge of Gosu and SQL Solid experience with CI/CD pipelines, including tools such as Git, Maven, Jenkins, or GitHub Actions Strong software engineering fundamentals: OOP, functional programming, concurrency, and design patterns Experience with Docker, Kubernetes, Helm, and Linux environments Proven experience working with event-driven architectures, Kafka, REST APIs, and distributed systems Familiarity with AI-assisted development tools (e.g., GitHub Copilot) What We Offer: Private medical care with dental care (covering 70% of costs). Family package option possible Multisport card (also for an accompanying person) Life insurance International work environment
Technology
LUX MED Sp. z o. o.
Inżynier/Inżynierka ds. Bezpieczeństwa Systemów IT
Senior
Hybrid
Warsaw, Poland
🏢 Summary: Role focused on building and implementing secure SDLC processes, integrating security tools into CI/CD pipelines, and supporting application security across the software lifecycle. The position combines DevSecOps, vulnerability management, monitoring integration, and secure architecture practices aligned with OWASP and NIS2 standards. Candidates will collaborate with development teams to improve secure coding and automate security controls. 🗂️ Requirements: 4+ years in Application Security, DevSecOps, or Security Engineering, 3+ years of programming experience, Knowledge of software development lifecycle, Practical knowledge of OWASP, Experience integrating security into SDLC and CI/CD, Experience with SAST tools, Experience with DAST tools, Experience with AKS or Kubernetes security, Knowledge of NIS2 and ISO 27001 standards, Experience with SIEM and log analysis, Knowledge of threat modeling, Ability to work with development teams, System-level security thinking 📃 Skills: OWASP, NIS2, ISO27001, SAST, DAST, SCA, Checkmarx, SonarQube, GitHub, OWASPZAP, Burp, AKS, Kubernetes, CI/CD, SIEM, ELK, Grafana, Sentinel, STRIDE, DevSecOps 🏢 Description: O projekcie Tworzymy zespół, który odpowiada za bezpieczeństwo w całym cyklu życia aplikacji – od designu, przez development, aż po monitoring i reakcję. Szukamy osoby, która będzie łączyć świat inżynierii oprogramowania, bezpieczeństwa aplikacyjnego i monitoringu, a także aktywnie kształtować standardy zgodne z OWASP i NIS2. Twoją rolą będzie Projektowanie i wdrażanie secure SDLC w całej organizacji; Integracja narzędzi bezpieczeństwa w pipeline’ach (SAST, DAST, SCA, secrets, IaC scanning); Definiowanie i wdrażanie security gates w CI/CD; Wdrażanie standardów zgodnych z OWASP (Top 10, ASVS, SAMM); Mapowanie i implementacja wymagań NIS2 w procesach IT i SDLC; Współpraca z zespołem Monitoring & Observability nad integracją danych bezpieczeństwa; Analiza podatności, wsparcie zespołów w ich usuwaniu (vulnerability management) w sposób automatyczny; Udział w projektowaniu architektury (threat modeling, secure design reviews); Wsparcie zespołów developerskich w zakresie secure coding. Oczekiwania wobec Ciebie Min. 4 lata doświadczenia w obszarze Application Security / DevSecOps / Security Engineering Min 3 lata doświadczenia w programowaniu i dobre zrozumienie cyklu rozwoju oprogramowania. Praktyczna znajomość OWASP Doświadczenie w budowie lub integracji security w SDLC / CI/CD Znajomość narzędzi klasy: SAST (np. Checkmarx, SonarQube, GitHub Advanced Security); DAST (np. OWASP ZAP, Burp); Doświadczenie z AKS / K8s security Rozumienie standardów i regulacji (ważne: NIS2, ISO 27001, best practices) Doświadczenie z monitoringiem i analizą logów (SIEM, ELK, Grafana, Sentinel) Znajomość threat modeling (STRIDE lub podobne) Umiejętność pracy z zespołami developerskimi i przekładania security na praktykę Myślenie systemowe – patrzenie na bezpieczeństwo jako część całego platform & SDLC Benefity dofinansowanie zajęć sportowych prywatna opieka medyczna dofinansowanie nauki języków dofinansowanie szkoleń i kursów ubezpieczenie na życie możliwość pracy zdalnej parking dla pracowników program rekomendacji pracowników ubezpieczenie szpitalne program wellbeingowy LUX MED Sp. z o.o. W Grupie LUX MED tworzymy środowisko pracy, w którym każdy może czuć się sobą – niezależnie od wieku, płci czy stanu zdrowia. Nasz proces rekrutacyjny jest neutralny płciowo i zapewnia równe szanse wszystkim aplikującym. Pion IT w LUX MED to blisko 700 wykwalifikowanych specjalistów, którzy codziennie realizują zadania wytwórcze, wdrożeniowe i utrzymaniowe w ramach rozwiązań informatycznych, wspierających m.in . pracę lekarzy, obsługę Pacjentów i klientów. Pracujemy z wykorzystaniem technik zwinnych. Jesteśmy nastawieni na nowinki technologiczne, które wesprą biznes w rozwoju naszych usług. Realizacja zadań oparta jest o wykorzystanie i rozwijanie procesów automatycznych. Promujemy dzielenie się wiedzą, oferujemy elastyczność doboru rozwiązań, w tym możliwość proponowania nowych metod czy technologii. Zdrowie i IT łączy więcej niż myślisz! #PracujeMYdlazdrowia #PracujITy!
Technology
emagine Polska
DevSecOps Architect – Fokus SSDLC (m/w/d)
Senior
Hybrid
Münster, NW, Germany
🏢 Summary: The role involves designing and implementing a company-wide Secure Software Development Lifecycle (SSDLC) within a complex IT environment, integrating security practices into development, build, and release processes. The architect will define security standards, introduce modern security toolchains, and support teams hands-on through coaching and implementation. The goal is to enhance security maturity across DevSecOps practices in a regulated environment. 🗂️ Requirements: Proven experience as DevSecOps Engineer, DevSecOps Architect or Security Engineer, Strong expertise in SSDLC and Secure Coding principles, Hands-on experience with security testing tools (SAST, DAST, SCA), Experience with cloud platforms (AWS, Azure or GCP), Experience with containerized environments, Experience with CI/CD pipelines, Practical knowledge of Threat Modeling methodologies, Ability to define and implement security standards and architecture guidelines, Understanding of compliance standards such as ISO 27001 or GDPR 📃 Skills: SSDLC, DevSecOps, SAST, DAST, SCA, Checkmarx, Snyk, SonarQube, OWASP, AWS, Azure, GCP, Docker, Kubernetes, Jenkins, GitLab, GitHub, STRIDE, PASTA, LINDDUN, ISO27001, GDPR, NIS2, IaC 🏢 Description: Wir die emagine GmbH suchen für unsere Business Unit Insurance einen erfahrenen DevSecOps Architect (m/w/d) mit Schwerpunkt Secure Software Development Lifecycle (SSDLC) , der Entwicklungsprozesse nachhaltig sicherheitsorientiert weiterentwickelt, Best Practices etabliert und Teams hands-on in der Umsetzung begleitet. Ziel ist der Aufbau bzw. die Optimierung eines ganzheitlichen SSDLC in einer komplexen IT-Landschaft . Rahmendaten: Start: Juno 2026 ggf. später Dauer : 10 Monate + Option Einsatzort : remote/Münster Aufgaben Analyse bestehender Entwicklungs-, Build- und Releaseprozesse hinsichtlich Sicherheitsreife, Schwachstellen und Optimierungspotenzial Konzeption, Aufbau und Einführung eines unternehmensweiten SSDLC-Frameworks , abgestimmt auf Organisation, Technologien und regulatorische Anforderungen Definition und Implementierung von: Security Gates Quality Checks Secure Coding Guidelines DevSecOps Standards Integration moderner Security-Toolchains entlang des SDLC: SAST, DAST, SCA Secrets Scanning Container Security Infrastructure-as-Code (IaC) Security Aktive Begleitung der Entwicklungsteams durch: Coaching & Mentoring Pair Programming Schulungen Hands-on Support im Tagesgeschäft Einführung und Etablierung von Threat Modeling Prozessen (z. B. STRIDE, PASTA, LINDDUN) Bewertung bestehender Toolchains und Empfehlung nachhaltiger Lösungen Definition sicherer Architektur- und Coding-Standards in enger Zusammenarbeit mit Entwicklung, Cloud und Architektur Unterstützung bei: Security Reviews & Code Audits Koordination von Penetration Tests Audit- und Compliance-Nachweisen Stakeholder-Management sowie Reporting zu: Security Reifegrad Fortschritt & Risiken Maßnahmen und Roadmaps Anforderungen Fundierte Erfahrung als DevSecOps Engineer/Architect, Security Engineer oder vergleichbar Tiefes Verständnis von SSDLC, Secure Coding und DevSecOps-Prinzipien Praktische Erfahrung mit gängigen Security-Tools (z. B. Checkmarx, Snyk, SonarQube, OWASP Tools, etc.) Erfahrung in Cloud-Umgebungen (AWS, Azure oder GCP) und containerisierten Architekturen (Docker, Kubernetes) Know-how in CI/CD-Pipelines (z. B. Jenkins, GitLab CI, GitHub Actions) Erfahrung mit Threat Modeling Methoden Sehr gute Kommunikationsfähigkeiten und Erfahrung im Coaching technischer Teams Verständnis für Compliance-Anforderungen (z. B. ISO 27001, NIS2, GDPR von Vorteil) Nice-to-haves Erfahrung in regulierten Branchen (Finance, Insurance, Public) Zertifizierungen wie CSSLP, CISSP, CISM, Azure/AWS Security Erfahrung in großen, verteilten Organisationen / Enterprise-Umfeld
Technology
Link Group
Global Head of DevSecOps
Senior
Hybrid
Warsaw, Poland
30,000 - 40,000 PLN
🏢 Summary: Executive-level DevSecOps leadership role responsible for defining and executing a global DevSecOps strategy in an AWS-based enterprise environment. The position owns security governance, automation, and compliance across the full SDLC, ensuring scalable and secure cloud operations. It includes leading international teams and driving large-scale DevSecOps transformation aligned with business objectives. 🗂️ Requirements: 10+ years experience in DevSecOps, DevOps, or Security Engineering, Leadership experience at Director, Head, or Lead level, Strong technical expertise in AWS and cloud architectures, Proven experience designing and executing DevSecOps strategies in large international organizations, Experience defining roadmaps, milestones, and KPIs, Deep knowledge of application and infrastructure security, Hands-on experience with CI/CD pipelines and automation, Experience enforcing security and compliance standards across SDLC, Experience managing global DevSecOps teams, Fluent English 📃 Skills: AWS, Azure, DevSecOps, DevOps, Security, Cloud, CICD, SDLC, Automation, Compliance, Governance 🏢 Description: Responsibilities: Full ownership of defining, implementing, and enforcing a global DevSecOps strategy within an AWS-based organization. Building and maintaining a long-term DevSecOps transformation roadmap, including key milestones, KPIs, and execution control mechanisms. Oversight of security standard implementation across the entire Software Development Life Cycle (SDLC), with emphasis on automation and scalability. Establishing and enforcing governance in security, compliance, and DevOps practices across the entire organization. Close collaboration with C-level executives, architecture teams, and engineering teams to ensure full technical and business alignment. Monitoring process effectiveness, identifying risks, and implementing corrective actions at a global scale. Managing distributed, international DevSecOps teams, including leadership development and building high-performance structures. Accountability for audits, regulatory compliance, and continuous improvement of production environment security. Requirements: Extensive experience (10+ years ) in DevSecOps, DevOps, or Security Engineering, including leadership-level roles (Director, Head, Lead). Strong technical background in AWS and modern cloud architectures. Proven track record of designing and executing DevSecOps strategies in large, complex, international organizations. Experience in defining roadmaps, milestones, KPIs, and managing organizational-level delivery. Deep understanding of application security, infrastructure security, CI/CD , automation, and compliance domains. Experience working in global environments and collaborating with executive-level stakeholders. Strong risk management skills, strategic decision-making ability, and enforcement of standards. Fluent English in a multinational working environment. Experience with Azure considered a strong advantage.
Technology
Cyclad
Application Consultant (Java/Guidewire)
Senior
Hybrid
Warsaw, Poland
145 - 160 PLN/hr
🏢 Summary: B2B role for an experienced Application Consultant to design, develop, and maintain high‑performance, scalable insurance systems using Guidewire and Java. The position involves building cloud‑native, containerized microservices, contributing to architecture decisions, and implementing CI/CD and automated testing in a hybrid Warsaw setup. 🗂️ Requirements: Minimum 4+ years commercial experience as Guidewire or Java Developer, At least 3+ years hands-on experience with Guidewire (PolicyCenter or BillingCenter), Strong knowledge of Gosu and SQL, Experience with CI/CD pipelines and related tools, Strong understanding of OOP, functional programming, concurrency, design patterns, Experience with Docker, Kubernetes, Helm, Linux, Experience with event-driven architectures and distributed systems, Experience with Kafka and REST APIs 📃 Skills: Java, Guidewire, PolicyCenter, BillingCenter, Gosu, SQL, Git, Maven, Jenkins, GitHub, CI/CD, Docker, Kubernetes, Helm, Linux, Kafka, REST, OOP 🏢 Description: In Cyclad we work with top international IT companies in order to boost their potential in delivering outstanding, cutting edge technologies that shape the world of the future. Currently, for our client, we are looking for a skilled Application Consultant to join a dynamic development team. In this role, you will contribute to both the development of new products and the maintenance of existing systems. Your responsibilities will include software design, implementation, testing, and ongoing support, with a strong focus on high-performance and scalable solutions. Project information: Budget: up to 160 PLN net/h (B2B) Work model: Hybrid/ Warsaw (Wola) -up to 1 day per week in the office Type of employment: B2B contract Industry: insurance / financial services Key Responsibilities: Design, develop, and maintain software systems within a modern development environment Collaborate with cross-functional teams to deliver high-quality solutions Contribute to system architecture and technical design decisions Implement and maintain CI/CD pipelines and automated testing frameworks Build and optimize cloud-native, containerized applications Develop and integrate microservices and distributed systems Ensure performance, scalability, and reliability of applications Requirements: Minimum 4+ years of commercial experience as a Guidewire or Java Developer At least 3+ years of hands-on experience with Guidewire (PolicyCenter or BillingCenter) Strong knowledge of Gosu and SQL Solid experience with CI/CD pipelines, including tools such as Git, Maven, Jenkins, or GitHub Actions Strong software engineering fundamentals: OOP, functional programming, concurrency, and design patterns Experience with Docker, Kubernetes, Helm, and Linux environments Proven experience working with event-driven architectures, Kafka, REST APIs, and distributed systems Familiarity with AI-assisted development tools (e.g., GitHub Copilot) What We Offer: Private medical care with dental care (covering 70% of costs). Family package option possible Multisport card (also for an accompanying person) Life insurance International work environment
Technology

The Nuclear Company
Staff Application Security Engineer
Senior
On-site
Washington, DC
150,000 - 173,004 USD/yr
🏢 Summary: The role focuses on securing modern applications, APIs, cloud workloads, and developer workflows within a nuclear energy environment. You will embed security into the SDLC, perform threat modeling and code reviews, harden CI/CD pipelines, and collaborate across engineering teams to manage vulnerabilities and protect sensitive data. This position combines hands-on application security, DevSecOps, and cloud security responsibilities in a regulated, mission-critical context. 🗂️ Requirements: 4+ years experience in application, product, or software security, Hands-on experience securing web applications, APIs, distributed systems, or cloud-native services, Strong knowledge of application security risks (authentication, authorization, injection, SSRF, insecure deserialization, secrets exposure, API security), Experience with secure SDLC tools (SAST, SCA, secret scanning, CI/CD security), Ability to read code in at least one language: Python, TypeScript, Go, Java, C#, or C++, Familiarity with AWS security concepts (IAM, encryption, logging, networking, secrets management, infrastructure-as-code), Experience performing threat modeling and security reviews, Understanding of offensive security principles 📃 Skills: Python, TypeScript, Go, Java, C#, C++, AWS, IAM, CodeQL, Dependabot, SAST, SCA, CI/CD, GitHub, OWASP, NIST, SOC2, IEC62443, NERCCIP 🏢 Description: About the role The Nuclear Company is searching for an Application Security Engineer to help secure the software, data systems, and developer workflows that power our Nuclear Operating System, internal platforms, and mission-critical applications. This is a high-ownership role for a builder who is equally comfortable reviewing application architecture, threat modeling APIs, improving GitHub security controls, and partnering directly with engineers to ship secure software quickly. You will work across product engineering, platform engineering, data science, infrastructure, and operations to embed security into the way we design, build, test, and deploy software. You will help define secure development standards, review high-impact product designs, harden CI/CD workflows, and guide teams through vulnerability remediation in a practical, risk-based way. This role reports to the Senior Manager for Application and Product Security. Responsibilities Application & Product Security - Perform security reviews and threat models for NOS modules, internal tools, APIs, data workflows, AI-enabled features, and cloud-connected applications. - Identify and remediate risks across authentication, authorization, tenant isolation, input validation, secrets handling, encryption, logging, and data access. - Review application designs and code changes for security issues before production. - Define reusable security patterns for web applications, APIs, mobile workflows, internal platforms, and data-heavy systems. - Establish secure-by-default approaches for applications supporting regulated, high-consequence infrastructure. Secure SDLC & Developer Enablement - Build and improve DevSecOps practices across the GitHub-based SDLC, including code scanning, dependency review, secret scanning, branch protections, CI/CD hardening, and secure workflows. - Create secure templates, checklists, automation, documentation, and lightweight review processes. - Triage and prioritize findings from SAST, SCA, secret scanning, penetration tests, code reviews, and internal assessments. - Develop vulnerability management workflows, remediation guidance, and engineering metrics. - Support secure coding education through design reviews, documentation, and developer partnership. Platform, Cloud & Data Security - Secure AWS workloads, infrastructure-as-code, service integrations, data pipelines, and deployment workflows. - Review integrations involving Palantir Foundry, partner APIs, internal data platforms, and AI-assisted engineering workflows. - Secure sensitive data flows across application, platform, and operational environments. - Ensure application events, audit logs, and security signals support investigation and response. - Navigate cybersecurity expectations within a regulated nuclear energy environment. Cross-Functional Partnership - Partner with software engineers, product managers, data engineers, infrastructure teams, and stakeholders. - Communicate risk clearly while balancing security and delivery speed. - Contribute to the application and product security roadmap as systems scale. - Help build a culture of ownership, velocity, and technical rigor. Experience - 4+ years in application security, product security, software security, or software engineering with strong security focus. - Experience securing modern software systems including web applications, APIs, distributed systems, or cloud-native services. - Strong understanding of authentication, authorization, access control, injection, insecure deserialization, SSRF, secrets exposure, dependency risk, and API security. - Experience with GitHub Advanced Security, CodeQL, Dependabot, SAST, SCA, secret scanning, and CI/CD security. - Ability to read at least one modern programming language (Python, TypeScript, Go, Java, C#, or C++). - Familiarity with AWS security concepts including IAM, logging, encryption, networking, secrets management, and infrastructure-as-code. - Strong communication skills and offensive security mindset. Preferred Qualifications - Experience securing software in regulated or mission-critical environments. - Familiarity with AI-assisted development tools, LLM-enabled applications, prompt injection risks, and AI supply chain concerns. - Experience with vulnerability management, penetration testing, DAST tools, or incident response. - Familiarity with OWASP ASVS, OWASP Top 10, OWASP API Security Top 10, NIST CSF, NIST 800-53, SOC 2, IEC 62443, or NERC CIP. - Security certifications such as AWS Certified Security – Specialty or OSWE. - Interest in nuclear energy and critical infrastructure. Benefits - Competitive compensation packages - 401k with company match - Medical, dental, vision plans - Generous vacation policy plus holidays Estimated Starting Salary Range The estimated starting salary range for this role is $150,000 - $173,000 annually, less applicable withholdings and deductions, paid on a bi-weekly basis. The actual salary offered may vary based on experience, qualifications, tenure, skill set, availability of qualified candidates, geographic location, certifications, and other relevant factors. EEO Statement The Nuclear Company is an equal opportunity employer committed to fostering an inclusive workplace. Equal employment opportunities are provided without regard to protected characteristics. Discrimination in any aspect of employment is prohibited. Export Control Certain positions may involve access to information and technology subject to U.S. export controls. Compliance requirements may limit consideration of some applicants.
Technology
Cyclad
Application Consultant (Java/Guidewire)
Senior
Hybrid
Warsaw, Poland
110 - 140 PLN/hr
🏢 Summary: B2B Application Consultant role focused on developing and maintaining high-performance, scalable insurance systems using Guidewire and Java. The position involves software design, architecture contributions, CI/CD implementation, and building cloud-native microservices in a hybrid work model. The role emphasizes distributed systems, containerization, and modern DevOps practices. 🗂️ Requirements: Minimum 4+ years commercial experience as Guidewire or Java Developer, At least 3+ years hands-on experience with Guidewire (PolicyCenter or BillingCenter), Strong knowledge of Gosu and SQL, Experience with CI/CD pipelines and related tools, Strong knowledge of OOP, functional programming, concurrency, design patterns, Experience with Docker, Kubernetes, Helm, Linux, Experience with event-driven architectures and distributed systems, Experience with Kafka and REST APIs 📃 Skills: Java, Guidewire, PolicyCenter, BillingCenter, Gosu, SQL, Git, Maven, Jenkins, GitHub, CI/CD, Docker, Kubernetes, Helm, Linux, Kafka, REST, OOP 🏢 Description: In Cyclad we work with top international IT companies in order to boost their potential in delivering outstanding, cutting edge technologies that shape the world of the future. Currently, for our client, we are looking for a skilled Application Consultant to join a dynamic development team. In this role, you will contribute to both the development of new products and the maintenance of existing systems. Your responsibilities will include software design, implementation, testing, and ongoing support, with a strong focus on high-performance and scalable solutions. Project information: Budget: up to 140 PLN net/h (B2B) Work model: Hybrid/ Warsaw (Wola) -up to 1 day per week in the office Type of employment: B2B contract Industry: insurance / financial services Key Responsibilities: Design, develop, and maintain software systems within a modern development environment Collaborate with cross-functional teams to deliver high-quality solutions Contribute to system architecture and technical design decisions Implement and maintain CI/CD pipelines and automated testing frameworks Build and optimize cloud-native, containerized applications Develop and integrate microservices and distributed systems Ensure performance, scalability, and reliability of applications Requirements: Minimum 4+ years of commercial experience as a Guidewire or Java Developer At least 3+ years of hands-on experience with Guidewire (PolicyCenter or BillingCenter) Strong knowledge of Gosu and SQL Solid experience with CI/CD pipelines, including tools such as Git, Maven, Jenkins, or GitHub Actions Strong software engineering fundamentals: OOP, functional programming, concurrency, and design patterns Experience with Docker, Kubernetes, Helm, and Linux environments Proven experience working with event-driven architectures, Kafka, REST APIs, and distributed systems Familiarity with AI-assisted development tools (e.g., GitHub Copilot) What We Offer: Private medical care with dental care (covering 70% of costs). Family package option possible Multisport card (also for an accompanying person) Life insurance International work environment
Technology
Cyclad
Application Consultant (Java/Guidewire)
Senior
Hybrid
Warsaw, Poland
110 - 140 PLN/hr
🏢 Summary: B2B Application Consultant role focused on developing and maintaining Guidewire-based insurance systems within a modern, cloud-native environment. The position involves software design, implementation, CI/CD automation, and building scalable microservices and distributed architectures. Hybrid work model with strong emphasis on performance, scalability, and high-quality engineering practices. 🗂️ Requirements: Minimum 4+ years commercial experience as Guidewire or Java Developer, At least 3+ years hands-on experience with Guidewire (PolicyCenter or BillingCenter), Strong knowledge of Gosu and SQL, Experience with CI/CD pipelines and tools such as Git, Maven, Jenkins, or GitHub Actions, Strong understanding of OOP, functional programming, concurrency, design patterns, Experience with Docker, Kubernetes, Helm, Linux, Experience with event-driven architecture and distributed systems, Experience with Kafka and REST APIs 📃 Skills: Java, Guidewire, PolicyCenter, BillingCenter, Gosu, SQL, Git, Maven, Jenkins, GitHub, Docker, Kubernetes, Helm, Linux, Kafka, REST, CI/CD, OOP, Concurrency 🏢 Description: In Cyclad we work with top international IT companies in order to boost their potential in delivering outstanding, cutting edge technologies that shape the world of the future. Currently, for our client, we are looking for a skilled Application Consultant to join a dynamic development team. In this role, you will contribute to both the development of new products and the maintenance of existing systems. Your responsibilities will include software design, implementation, testing, and ongoing support, with a strong focus on high-performance and scalable solutions. Project information: Budget: up to 140 PLN net/h (B2B) Work model: Hybrid/ Warsaw (Wola) -up to 1 day per week in the office Type of employment: B2B contract Industry: insurance / financial services Key Responsibilities: Design, develop, and maintain software systems within a modern development environment Collaborate with cross-functional teams to deliver high-quality solutions Contribute to system architecture and technical design decisions Implement and maintain CI/CD pipelines and automated testing frameworks Build and optimize cloud-native, containerized applications Develop and integrate microservices and distributed systems Ensure performance, scalability, and reliability of applications Requirements: Minimum 4+ years of commercial experience as a Guidewire or Java Developer At least 3+ years of hands-on experience with Guidewire (PolicyCenter or BillingCenter) Strong knowledge of Gosu and SQL Solid experience with CI/CD pipelines, including tools such as Git, Maven, Jenkins, or GitHub Actions Strong software engineering fundamentals: OOP, functional programming, concurrency, and design patterns Experience with Docker, Kubernetes, Helm, and Linux environments Proven experience working with event-driven architectures, Kafka, REST APIs, and distributed systems Familiarity with AI-assisted development tools (e.g., GitHub Copilot) What We Offer: Private medical care with dental care (covering 70% of costs). Family package option possible Multisport card (also for an accompanying person) Life insurance International work environment