World
Country
Language

poland Poland

portugal Portugal

netherlands Netherlands

CSST Analyst

  • Hybrid/On-site
  • English
  • Banking
  • Senior
  • Agile
Add to Job Cart RECOMMEND A CANDIDATE

Join us, and turn security threats into actionable insights!

Kraków – based opportunity with hybrid work model (6 days/month in the office)

As a CSST Analyst, you will be working for our client, a globally recognized financial services provider committed to strengthening its cybersecurity posture. You are contributing to a dynamic and rapidly evolving Bug Bounty Program, where identifying, analyzing, and helping remediate security vulnerabilities is key. You are engaging with internal teams and external researchers, ensuring clear communication, prioritizing threat reports, and driving improvements in tooling, automation, and process design. You are playing a vital role in reducing risk, improving secure development practices, and aligning the program with the broader cybersecurity strategy.

Your main responsibilities: Analyzing and prioritizing security vulnerability reports from the Bug Bounty Program

  • Reproducing and validating reported vulnerabilities to confirm impact
  • Performing root cause analysis to support effective remediation
  • Communicating with internal technical and non-technical stakeholders
  • Engaging with external security researchers on reported findings
  • Advising teams on secure development practices and remediation strategies
  • Collaborating across departments to track and monitor resolution of findings
  • Driving improvements in tooling, automation, and workflow efficiency
  • Supporting the maturity and scalability of the Bug Bounty Program
  • Documenting and maintaining records of findings and actions taken

You’re ideal for this role if you have:

  • At least 4 years of hands-on experience in penetration testing
  • Strong understanding of web, mobile, and infrastructure security testing
  • Excellent communication skills in English, both written and verbal
  • Proven programming or scripting experience in one or more languages
  • Critical thinking skills and ability to articulate risks clearly
  • Deep knowledge of TCP/IP and security implications of networking
  • Familiarity with dynamic and static application security testing tools
  • Understanding of software development lifecycles and DevOps environments
  • Subject matter expertise in at least one pentesting domain
  • Demonstrated ability to work independently and solve complex problems

It is a strong plus if you have:

  • Previous participation in Bug Bounty Programs
  • Experience with OWASP MASVS, MSTG, and mobile app security standards
  • Security testing or development experience with iOS and Android platforms
  • Knowledge of secure authentication mechanisms such as JWT, SAML, OAuth2
  • Familiarity with security tools like SAST, DAST, and IAST
  • Experience performing security code reviews in Java, Kotlin, Swift, or Objective C
  • Background in enterprise cloud-hosted application testing
  • Prior experience with mobile app reverse engineering or disassembly
  • Practical knowledge of platform security models for iOS and Android
  • Understanding of secure application design and cryptographic implementations

#GETREADY  to meet with us!

We would like to meet you. If you are interested please apply and attach your CV in English or Polish, including a statement that you agree to our processing and storing of your personal data. You can always also apply by sending us an email at cv-recruitment@itds.pl.

Internal number #7498

Benefits

Access to Healthcare
fintech-delivery
Access to Multisport
Training platforms
Access to Pluralsight

Apply for this job now

    I agree to receive marketing information from ITDS Polska to the e-mail address provided
    The data controller of your personal data is ITDS Polska sp. z o.o. We process your personal data for recruitment process for selected jobs, to inform you of similar jobs in the future and to pursue ITDS's other legitimate interests, such as handling correspondence, securing our recruitment processes or pursuing/defending against claims. Also, by providing ITDS with personal data in the scope specified in art. 22(1a) § 1 of Labor Code, you agree that ITDS will process them for the purpose of recruitment. You have the right to withdraw your consent (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal), request access to personal data, their rectification, deletion or restriction of processing; to object to processing, as well as the right to data portability; to lodge a complaint with the supervising authority. Please find more information in our Privacy Policy.

    You can report violations in accordance with ITDS's Whistleblower Procedure available here.