Security Specialist

Why join GFT?

You will work with and learn from top IT experts. You will join a crew of experienced engineers: 60% of our employees are senior level.

Interested in the cloud? You will enjoy our full support in developing your skills: training programs, certifications and our internal community of experts. We have strong partnerships with top cloud providers: Google, Amazon and Microsoft - we are number one in Poland in numbers of GCP certificates. Apart from GCP, you can also develop in AWS or Azure.

We are focused on development and knowledge sharing. Internal expert communities provide a comfortable environment where you can develop your skillset in areas such as blockchain, Big Data, cloud computing or artificial intelligence.

You will work in a stable company (32 years on the market) in demanding and challenging projects for the biggest financial institutions in the world.

What will you do?

As a Security Specialist your main responsibility will be handling vulnerabilities – either reported by different sources or found during your own offensive engagements.

Main job tasks and responsibilities:

• Performing security analysis and pentests of company systems (assessments can cover full-stack applications, on-prem and cloud infrastructure, mixed client environments, mobile applications)
• Managing findings of pentests – both own and externally performed (preparing recommendations, guiding owners and administrators, verifying mitigations and fixes)
• Conducting risk, network and vulnerability evaluations against defined security requirements
• Supporting stakeholders with managing any security topics, performing analysis on both high level (architecture) and low level (configuration, communication, protocols)
• Providing deep technical advisory to the internal IT teams to follow the best security practices
• Designing and performing red-team exercises against internal infrastructure and assets
• Supporting  blue-team in resolving findings from abovementioned exercises and improving detection, reporting and alerting
• Supporting Vulnerability Management and Patch Management processes
• Managing and extending the process of external perimeter security maintenance
• Contributing to common knowledge base on cyber security / information security
• Support internal IT teams in implementing security requirements and security good practices
• Implementation, deployment, maintenance and development of security systems (scanners, honeypots etc)

Your skills:

• At least 6 years of experience in IT required
• At least 3 years of experience in IT Security required
• Good English written/verbal communication skills
• Being familiar with the basic security concepts: CIA triad+, Mitre ATT&CK, least privileges, AuthZ, AuthN, SoD, data security "at rest” and  “in-transit”
• Experience working as a pentester attacking webapps, API’s, networks, and more. Blackbox, greybox and whitebox. Familiar with testing methodologies
• Experience in defining testing scopes and executing accordingly
• Experience in offensive tactics against end-users in corporate Windows/MacOS environment
• Programming/scripting experience (both for source code analysis and daily task automation), hands-on powershell experience would be appreciated
• Proficiency with standard open source tools in Linux/MacOS/Windows environments
• Good understanding of the primitives of cryptography and key management best practices
• A Bachelor in Computer Science or similar
• Ability to work autonomously and to lead tasks assigned from the beginning to the end
• Being able to work with many tasks at the same time
• Good team skills, open for other cultures

We offer you:

• Working in a highly experienced and dedicated team
• Competitive salary and extra benefit package that can be tailored to your personal needs (private medical coverage, sport & recreation package, lunch subsidy, life insurance, etc.)
• Permanent after 3-months' probation 
• On-line training and certifications fit for career path
• Budget for conferences
• Free on-line foreign languages lessons
• Regular social events
• Access to e-learning platform
• Ergonomic and functional working space with 2 monitors (you can also borrow monitors for your home office)