Mid Cybersecurity Engineer - AppSec/SecDev
Offer summary

(Summary generated by AI based on the full job description)

The project focuses on fintech security addressing large-scale challenges in cloud and on-prem environments. Core technologies include SAST/DAST/SCA, CI/CD, microservices, cloud security, AI model security. Responsibilities involve penetration testing, vulnerability management, architecture reviews, embedding security in SDLC, leading threat modeling sessions, and team development.

new

Mid Cybersecurity Engineer - AppSec/SecDev

Company: Allegro

from: 7 July 2026
to: 6 August 2026
salary not specifiedcontract of employment (full-time)
Offer parameters
level:mid
working mode:hybrid
Warszawa, Wola
Warszawa, WolaŻelazna 51/53View on map

Requirements

Operating system

Windows

Our requirements

  • Proven track record in deep-dive manual penetration testing of web/mobile applications, APIs and AI-driven features, alongside strong secure code review skills.
  • Solid understanding of financial tech security standards and regulations, including PCI-DSS, PSD3/DORA, OWASP Top 10 (and API Top 10), and secure data handling (PII/banking data protection).
  • Practical experience embedding security into the SDLC. Ability to analyze software architectures, review new feature proposals, and lead threat modeling sessions to ensure security controls are integrated from day one.
  • Hands-on experience designing, tuning, and deploying SAST, DAST, and SCA solutions inside fast-paced CI/CD pipelines without blocking deployment velocity.
  • Strong ability to independently triage, risk-score, and manage vulnerabilities across APIs, microservices, and financial infrastructure.
  • Familiarity with microservices architectures, cloud environment security, containerization, and secure system configuration.
  • A self-starter mindset with the ability to take full ownership of tasks, estimate effort, and clearly communicate actionable security guidance to engineering and product teams.

Your responsibilities

  • Design, execute, and report manual and automated security tests across APIs, microservices, and fintech infrastructure, identifying vulnerabilities and assessing business risks.
  • Manage the vulnerability lifecycle from identification and risk-scoring (tailored to financial impact) to tracking remediation with engineering teams.
  • Review architectural designs and new financial feature proposals, serving as the main security liaison for engineering teams and driving collaborative threat modeling sessions.
  • Support DevSecOps practices by integrating and fine-tuning automated security mechanisms (SAST/DAST/SCA) into the CI/CD pipeline, reducing technical debt while maintaining release velocity.
  • Support the development of the secure system configurations, monitor cloud applications, and preventive measures against emerging fintech threat vectors.
  • Collaborate with product and tech teams, consulting on security-enhancing solutions and verifying their implementation.
  • Partner closely with product and tech teams during ceremonies (design, grooming) to consult on security-enhancing solutions and verify their successful implementation.
  • Take ownership of impactful security initiatives from design through delivery, providing clear estimates, prioritization, and independent problem resolution.
  • Contribute to raising the team’s security maturity by creating documentation, hosting knowledge-sharing sessions, mentoring newcomers, and supporting the technical hiring process.

About the project

Flexible working hours in the hybrid model (4/1) - working hours start between 7:00 a.m. and 9:00 a.m. We also have 30 days of occasional remote work.
Annual bonus based on your annual performance and company results.
Our team is based in Warsaw and Poznań.

About the job

  • Massive Scale & Security Challenges: Secure, test and optimize a world-class, cloud and on-prem environment handling thousands of requests per minute. This is high-availability, high-performance security engineering in practice.
  • Modern Tech Stack: Work within an advanced ecosystem where core technologies include specialized offensive and defensive security tools, automated SAST/DAST pipelines, C2 frameworks and cutting-edge cryptography. We are also pioneering the security of production-used AI models.
  • True Ownership & Autonomy: We live by a "you build it, you run it" philosophy. You'll join an autonomous team with full ownership of your security services - from threat modeling and attack simulation to deploying protective guardrails.
  • Complex Architectural Puzzles: From securing distributed systems to tackling novel AI vulnerabilities, you'll solve complex engineering problems that directly protect a massive, real-time marketplace.

#goodtobehere means that:

  • You will join a team you can count on - we work with top-class specialists who have knowledge- and experience-sharing in their DNA.
  • You will love our level of autonomy in team organization, the space for continuous development, and the opportunity to try new things. You get to choose which technology solves the problem and you are responsible for what you create.
  • You will be equipped with modern AI tools to automate repetitive tasks, allowing you to focus on analyzing complex threats, developing advanced security automation, and refining secure architectures.
  • You will meet the Allegro Scale, which starts with over 1000 microservices, an open-source data bus (Hermes) with 300K+ rps, a Service Mesh with 1M+ rps, tens of petabytes of data, and production-used machine learning.
  • You will become part of Allegro Tech - We speak at industry conferences, cooperate with tech communities, run our own blog (it's been over 10 years!), record podcasts, lead guilds, and we organize our own internal conference - the Allegro Tech Meeting. We create solutions we love (and can) to talk about!
Company

What we offer

  • Well-located offices (with e.g. fully equipped kitchens, bicycle parking, terraces full of greenery) and excellent work tools (e.g., raised desks, ergonomic chairs, interactive conference rooms).
  • A 16" or 14" MacBook Pro or corresponding Dell with Windows (if you don't like Macs) and all the necessary accessories.
  • A wide selection of fringe benefits in a cafeteria plan - you choose what you like (e.g., medical, sports or lunch packages, insurance, purchase vouchers).
  • English classes that we pay for related to the specific nature of your job.
  • A training budget, inter-team tourism (see more here), hackathons, and an internal learning platform where you will find multiple trainings.
  • An additional day off for volunteering, which you can use alone, with a team, or with a larger group of people connected by a common goal.
  • Social events for Allegro people - Spin Kilometers, Family Day, Fat Thursday, Advent of Code, and many other occasions we enjoy.

Benefits

  • sharing the costs of sports activities
  • private medical care
  • sharing the costs of foreign language classes
  • sharing the costs of professional training & courses
  • life insurance
  • flexible working time
  • integration events
  • no dress code
  • leisure zone
  • extra social benefits
Mid Cybersecurity Engineer - AppSec/SecDev
I apply to:
Allegro
Warszawa, Wola
Pracodawca zbiera zgłoszenia przez swój system.
Przejdziesz na zewnętrzny formularz.

By clicking "Aplikuj" you confirm that you've read and accepted our Terms and Conditions.


This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Need more information?

  • Make sure the body of the offer doesn’t already include what you’re looking for.
  • Ask a question if you need more information you’re interested in.
  • We’ll forward your question to the employer and aim to provide a response within 3 business days.

Share this offer