CSST Analyst

Join us, and turn security threats into actionable insights!

Kraków – based opportunity with hybrid work model (6 days/month in the office)

As a CSST Analyst, you will be working for our client, a globally recognized financial services provider committed to strengthening its cybersecurity posture. You are contributing to a dynamic and rapidly evolving Bug Bounty Program, where identifying, analyzing, and helping remediate security vulnerabilities is key. You are engaging with internal teams and external researchers, ensuring clear communication, prioritizing threat reports, and driving improvements in tooling, automation, and process design. You are playing a vital role in reducing risk, improving secure development practices, and aligning the program with the broader cybersecurity strategy.

Your main responsibilities: Analyzing and prioritizing security vulnerability reports from the Bug Bounty Program

• Reproducing and validating reported vulnerabilities to confirm impact
• Performing root cause analysis to support effective remediation
• Communicating with internal technical and non-technical stakeholders
• Engaging with external security researchers on reported findings
• Advising teams on secure development practices and remediation strategies
• Collaborating across departments to track and monitor resolution of findings
• Driving improvements in tooling, automation, and workflow efficiency
• Supporting the maturity and scalability of the Bug Bounty Program
• Documenting and maintaining records of findings and actions taken

You’re ideal for this role if you have:

• At least 4 years of hands-on experience in penetration testing
• Strong understanding of web, mobile, and infrastructure security testing
• Excellent communication skills in English, both written and verbal
• Proven programming or scripting experience in one or more languages
• Critical thinking skills and ability to articulate risks clearly
• Deep knowledge of TCP/IP and security implications of networking
• Familiarity with dynamic and static application security testing tools
• Understanding of software development lifecycles and DevOps environments
• Subject matter expertise in at least one pentesting domain
• Demonstrated ability to work independently and solve complex problems

It is a strong plus if you have:

• Previous participation in Bug Bounty Programs
• Experience with OWASP MASVS, MSTG, and mobile app security standards
• Security testing or development experience with iOS and Android platforms
• Knowledge of secure authentication mechanisms such as JWT, SAML, OAuth2
• Familiarity with security tools like SAST, DAST, and IAST
• Experience performing security code reviews in Java, Kotlin, Swift, or Objective C
• Background in enterprise cloud-hosted application testing
• Prior experience with mobile app reverse engineering or disassembly
• Practical knowledge of platform security models for iOS and Android
• Understanding of secure application design and cryptographic implementations

#GETREADY  to meet with us!

We would like to meet you. If you are interested please apply and attach your CV in English or Polish, including a statement that you agree to our processing and storing of your personal data. You can always also apply by sending us an email at cv-recruitment@itds.pl.

Internal number #7498