Description:

The position is for a Mid - Senior Security Engineer in the WebSec Team at NordVPN, located in Warsaw, with a full-time remote work option.
The Infrastructure department is responsible for influencing and tracking change, providing frontline support, and delivering software-defined solutions.
Responsibilities include securing backend applications, networking components, and crypto services, utilizing various testing methods such as white, grey, or black box.
The role requires demonstrating reverse engineering skills to find bugs in advanced security solutions.
The engineer will design and create solutions to complex security issues from scratch.
Development of scripts and security automation tools to enhance penetration testing processes is expected.
Close collaboration with backend application developers and other technical team members is necessary to validate, assess, understand the root cause, and mitigate vulnerabilities.
The engineer will also be responsible for sharing security knowledge with colleagues.

Requirements:

Proven experience in application security assessment planning, testing, and vulnerability reporting is required.
Proficiency in using security scanners, static code analyzers, and debuggers is essential.
A strong understanding of networking, including SSL/TLS knowledge, and the ability to explain concepts such as ciphers, PFS, keys, PKI, and certificates is necessary.
The candidate must demonstrate the ability to perform manual security code audits.
Previous experience with fuzzing, reverse engineering, and exploit development is required.
Experience working with application developers to validate, assess, understand the root cause, and mitigate vulnerabilities is essential.
Strong knowledge in application and infrastructure testing methodologies is required.
Knowledge in architecture design and assessment, particularly a manual approach to penetration testing, is necessary.
Bonus points will be awarded for community contributions such as public CVEs, bug bounty recognition, open-source tools, blogs, etc.

Employees will have access to Nord Security products, allowing them to experience solutions used by millions of users worldwide at no charge.
Opportunities for professional growth are provided through internal and external events, online training, conferences, and books to help reach full potential.
Health benefits include private health insurance, a sports access card, online workouts, consultations, and programs to improve mental health.
Mental wellbeing support is available through access to mental health tools like Calm, Headspace, and Mindletic, along with options for therapy.
The company promotes team spirit through team buildings and parties that include games, shows, tastings, food coupons, and gifts.
Additional paid leave is offered for illness or special occasions.
Flexibility in working time arrangements is provided to accommodate employees' needs.