Cyber Security Engineer / Senior Security Engineer
Format: full time, Warsaw, office / hybrid
Level: Senior
Context and mission
We are scaling IT and building the company's security program on modern best practices. We are looking for an experienced specialist who will own the architecture and implementation of security controls under a Zero Trust, risk-based and defense-in-depth paradigm. We align with frameworks such as NIST CSF 2.0, ISO 27001, CIS Controls v8, NIST SP 800-207 and MITRE ATT&CK.
What you are expected to achieve in the first 6-12 months
- Assess the current state of security and define a target architecture and roadmap with risk-based prioritization.
- Bring order to identities and access: SSO, MFA, conditional access, least privilege, JIT and PAM.
- Close foundational technical controls: disk encryption, configuration baselines, patch and vulnerability management, monitoring and logging.
- Establish an operational security function: telemetry collection and correlation, detection rules, incident response playbooks, testing and post-incident reviews.
- Improve data protection: classification, DLP, egress and shadow-channel control, minimization of access to critical assets.
- Define processes and metrics: response SLAs, MTTD and MTTR, control coverage, vulnerability remediation by priority, employee awareness.
Scope of responsibility
- Security architecture and technical roadmap aligned with business risks and budgets.
- Identity and access: IdP, IAM and IGA, MFA, conditional access, RBAC and ABAC, PAM for admins and service accounts.
- Endpoints and servers: EDR or XDR, encryption, configuration baselines, patch and update management.
- Network and access: ZTNA and SSE or SASE, segmentation, remote access policies.
- Data and email: classification and labeling, DLP, protection of email and collaboration tools.
- Cloud and code: CSPM and CIEM, secrets management, policies for container images and registries, CI integration.
- SecOps: log collection, SIEM and SOAR, playbooks, tests and exercises, collaboration with IT, DevOps, Legal.
- Vulnerabilities: scanning, risk-based prioritization, remediation SLAs, reporting.
- Policies and training: policy- and standard-level documents, concise user-facing guidance, phishing simulations.
Technology focus and vendor stacks
The candidate should have solid hands-on experience in some of the areas listed below. We expect depth in at least two of them and a practical understanding of how they integrate.
- IdP and IAM: Microsoft Entra ID, Okta, Ping, Google Cloud Identity. IGA: SailPoint.
- PAM: CyberArk, Delinea, BeyondTrust.
- EDR and XDR: Microsoft Defender, CrowdStrike Falcon, SentinelOne, Palo Alto Cortex XDR, Sophos.
- MDM and UEM: Microsoft Intune, Jamf, Kandji, VMware Workspace ONE.
- SSE and ZTNA or SASE: Zscaler, Palo Alto Prisma Access, Cloudflare Zero Trust, Netskope.
- Email and collaboration: Microsoft Defender for Office 365, Proofpoint, Mimecast, Google Workspace Security.
- DLP and classification: Microsoft Purview, Netskope, Symantec DLP, Forcepoint.
- SIEM and SOAR: Microsoft Sentinel, Splunk, Google Chronicle, Elastic.
- CSPM and CIEM and KSPM: Wiz, Prisma Cloud, Lacework, Orca, Snyk, Aqua.
- Vulnerabilities: Tenable, Qualys, Rapid7.
- Secrets and keys: HashiCorp Vault, 1Password Business, Bitwarden, cloud-native KMS.
- Backup and immutability: Veeam, Rubrik, Cohesity.
- EASM and ASM: Cortex Xpanse, Randori, Defender EASM.
- Security for code and pipelines: GitHub Advanced Security, Semgrep, SonarQube, Snyk, Trivy.
Requirements
- 5-7 years of experience in security or closely related fields, with a strong focus on engineering, implementation and operations.
- Practical experience designing and implementing controls aligned with NIST CSF or ISO 27001 or CIS Controls with measurable impact.
- Deep expertise in at least two technology families from the list above and understanding of how IdP, EDR, SIEM, DLP, PAM and SSE fit together.
- Ability to design detection and response: correlation rules, telemetry enrichment, playbooks and KQL or SPL or SQL based queries.
- Hands-on vulnerability and patch management on Windows, macOS and Linux, with risk- and exploit-based prioritization.
- Automation skills: Python or Bash scripting, APIs and webhooks, infrastructure as code for policies and configurations.
- Communication and documentation skills: clear policies and standards, reports for leadership, coordination with IT and DevOps.
- English sufficient for working with documentation and vendors.
Nice to have
- Experience with audits and certifications: ISO 27001 or SOC 2 or NIS2 or GDPR.
- Practical implementation of Zero Trust, ZTNA and replacement of traditional VPN models.
- Experience with tabletop exercises and post-incident analysis.
- Knowledge of MITRE ATT&CK and threat modeling tools.
KPI and success metrics
- MFA coverage for critical systems at 100 percent.
- EDR coverage and disk encryption at 100 percent.
- MTTD and MTTR for P1 and P2 within agreed SLAs.
- Vulnerability remediation SLAs: P1 within 7 days, P2 within 30 days, P3 within 90 days.
- Reduction of successful phishing click rate to the target threshold based on simulation results.
- Reduction of unauthorized egress events according to DLP or SSE data.
- Regular risk and control status reporting to leadership.
Required skills and experience
- Cybersecurity
- DLP
- Master data management (MDM)
- SIEM
- MFA
- Kali Linux