CSST Analyst

  • Hybrid/On-site
  • English
  • Banking
  • Expert/Senior
  • Agile/Scrum

Join us, and turn security threats into actionable insights!

Kraków-based opportunity with a hybrid work model (6 days/month in the office)

As a CSST Analyst, you will be working for our client, a globally recognized financial services provider committed to strengthening its cybersecurity posture. You will contribute to a dynamic and rapidly evolving Bug Bounty Program, where identifying, analyzing, and helping remediate security vulnerabilities is key. You will engage with internal teams and external researchers, ensuring clear communication, prioritizing threat reports, and driving improvements in tooling, automation, and process design. You will play a vital role in reducing risk, improving secure development practices, and aligning the program with the broader cybersecurity strategy.

Your main responsibilities:

  • Analyzing and prioritizing security vulnerability reports from the Bug Bounty Program
  • Reproducing and validating reported vulnerabilities to confirm impact
  • Performing root cause analysis to support effective remediation
  • Communicating with internal technical and non-technical stakeholders
  • Engaging with external security researchers on reported findings
  • Advising teams on secure development practices and remediation strategies
  • Collaborating across departments to track and monitor resolution of findings
  • Driving improvements in tooling, automation, and workflow efficiency
  • Supporting the maturity and scalability of the Bug Bounty Program
  • Documenting and maintaining records of findings and actions taken

You’re ideal for this role if you have:

  • At least 4 years of hands-on experience in penetration testing
  • Strong understanding of web, mobile, and infrastructure security testing
  • Excellent communication skills in English, both written and verbal
  • Proven programming or scripting experience in one or more languages
  • Critical thinking skills and ability to articulate risks clearly
  • Deep knowledge of TCP/IP and security implications of networking
  • Familiarity with dynamic and static application security testing tools
  • Understanding of software development lifecycles and DevOps environments
  • Subject matter expertise in at least one pentesting domain
  • Demonstrated ability to work independently and solve complex problems

It is a strong plus if you have:

  • Previous participation in Bug Bounty Programs
  • Experience with OWASP MASVS, MSTG, and mobile app security standards
  • Security testing or development experience with iOS and Android platforms
  • Knowledge of secure authentication mechanisms such as JWT, SAML, OAuth2
  • Familiarity with security tools like SAST, DAST, and IAST
  • Experience performing security code reviews in Java, Kotlin, Swift, or Objective-C
  • Background in enterprise cloud-hosted application testing
  • Prior experience with mobile app reverse engineering or disassembly
  • Practical knowledge of platform security models for iOS and Android
  • Understanding of secure application design and cryptographic implementations

#GETREADY to meet with us!

We would like to meet you. If you are interested, please apply and attach your CV in English or Polish, including a statement that you agree to our processing and storing of your personal data. You can also apply by sending us an email at cv-recruitment@itds.pl.

Internal number #7498

Benefits

Access to +100 projects
Access to Healthcare
Access to Multisport
Training platforms
Access to Pluralsight
Make your CV shine
B2B or Permanent Contract
Flexible hours and remote work
