Senior AI Application Security Engineer

No day at Backbase is the same, and even more so for our security engineers. We all know that security and banking need to go hand in hand and with hackers and tech evolving by the day, you’ll need to stay on your toes and ahead of the game.

Your core responsibility is to guide and support the developer teams in delivering and  deploying secure banking solutions. You will analyze the software from a security perspective and identify and resolve security issues. You provide guidance and workshops to developers and QA engineers on secure coding, security testing and working with security tools. Your input helps to improve security in the SDLC with its tools and processes. You validate that application security requirements have been met. You perform security code reviews and suggest improvements to development teams. You will work closely with the customer-facing development teams and operations teams. You mentor new team members and act as the go-to person for security in your area.

What you’ll do

Looking for a journey instead of a job? Then let’s talk! We are THE pioneers in banking tech. We see opportunities and take the leap. Having the guts to push limits and break barriers to make things happen. We learn and reinvent ourselves for maximum impact, never giving up. We are creators, with a customer-centric mindset that love what they do and bring fun to any challenge. Together we kick ass, have fun and feel proud when our vision is delivered. Next day - we wake up and raise the bar a little higher. Are you ready?

As a Senior Application Security Engineer you’ll be part of the team of security engineers working to ensure we build, maintain and deploy secure software that is used by millions of users around the globe. If you have a hacker mindset, are passionate about security and always looking to extend your knowledge, then this is the place for you. 

Who you are

In order to really own this role, we think you’ll need:

• Good understanding of application security and common application security vulnerabilities;
• Good understanding of  LLM and programming languages commonly used in AI development, such as Python

• Good understanding of OWASP Top 10 for LLM applications
• Good understanding of DevOps and cloud native technologies;
• Successful track record in identifying, triaging, and resolving security issues, including both application vulnerabilities and AI-specific threats 
• A background in development and a good understanding of the SDLC;
• English language on a professional level, written and spoken.
• Based in Kraków and ready to come to the office

We’ll be delighted if you bring experience in the following topics but otherwise these would be opportunities for you to grow your knowledge working in the security team:

• Implementing OWASP ASVS/M-ASVS and SKF;
• Implementing SAST, SCA, IAST and RASP tools in the SDLC;
• Facilitating threat modeling sessions for application and AI systems, identifying risks across traditional and AI-driven platforms.;
• Experience in penetration testing for web, mobile, and AI applications, with specific focus on assessing model vulnerabilities to adversarial attacks and other AI-specific security concerns.
• Training and guiding developers on application security concepts;
• Relevant regulations such as GDPR and PCI-DSS.