Infosec Engineer II - Security Operations Team
Qualtrics
Know what your customers and employees need, when they need it, and deliver it every time with powerful, AI driven Experience Management (XM) software.
At Qualtrics, we create software the world’s best brands use to deliver exceptional frontline experiences, build high-performing teams, and design products people love. But we are more than a platform—we are the creators and stewards of the Experience Management category serving over 18K clients globally. Building a category takes grit, determination, and a disdain for convention—but most of all it requires close-knit, high-functioning teams with an unwavering dedication to serving our customers.
When you join one of our teams, you’ll be part of a nimble group that’s empowered to set aggressive goals and move fast to achieve them. Strategic risks are encouraged and complex problems are solved together, by passing the microphone and iterating until the best solution comes to light. You won’t have to look to find growth opportunities—ready or not, they’ll find you. From retail to government to healthcare, we’re on a mission to bring humanity, connection, and empathy back to business. Join over 6,000 people across the globe who think that’s work worth doing.
Application Security Engineer II - Platform Security Team
As Qualtrics continues to expand the Experience Management (XM) platform, we must ensure that we’re protecting our customers and their data by building and operating secure systems. As over a thousand software & system engineers contribute to Qualtrics XM every day, we have a large attack surface to evaluate and secure.
Qualtrics is looking for an experienced security engineer and penetration tester with a passion for security and the aptitude to uncover difficult-to-identify security bugs which require detailed knowledge of our complex systems. The selected candidate will provide subject matter expertise within the Application Security team and across the product engineering organization.
The Application Security team is responsible for measures to improve and ensure the security of web & mobile applications, code and related components in Qualtrics SaaS products (including those of our acquired companies). The team owns secure development standards and training, security testing tools focused on the application layer (e.g., SAST, DAST, IAST, SCA), threat modeling, penetration testing, red team, bug bounty and vulnerability disclosure programs. Application Security works in collaboration with other teams within the Information Security organization, including infrastructure and cloud security, vulnerability management, security operations and incident response, and security assurance.
A Day in the Life
- Use manual penetration testing techniques to identify or validate vulnerabilities in Qualtrics web applications, systems, networks and mobile applications
- Leverage your accumulated subject matter expertise of Qualtrics applications, systems and code, as well as findings from SAST, DAST, IAST, network vulnerability scanners and similar assessment tools to augment manual testing
- Manage bug bounty and vulnerability disclosure programs, including the triage and validation of reported findings
- Organize and lead internal purple and red team exercises to systematically evaluate Qualtrics environments for security flaws
- Document remediation recommendations and collaborate with engineers to ensure vulnerability findings are successfully and efficiently addressed
- Review source code & software/system designs, and consult with software engineers across the organization to identify and/or avoid security issues through alignment to security standards
- Document and improve secure SDL processes, standards and guidelines
- Deliver training and provide mentoring to software engineers on security topics
- Facilitate threat modeling exercises to ensure optimized security design decisions are being made
- Make recommendations for architecture & design improvements to address recurring issues
- Automate redundant tasks for assessment and related activities in order to optimize our team’s efficiency and reach
The Expectation for Success
You will work effectively with the Qualtrics product engineering organization and fellow security engineers, providing reliable technical security expertise to identify and resolve security issues. You will seek to streamline and automate processes in order to deliver maximum results in limited time.
Skills That Will Lead to Success
- Bachelor’s degree in Computer Science or a related field
- Minimum 2 years of relevant work experience
- At least one year performing manual web application penetration testing as a primary job responsibility, including the use of professional penetration testing tools (e.g., Burp Suite)
- Experience performing security reviews of source code & software/system designs
- Sound understanding of application security vulnerabilities (e.g., OWASP Top 10), defense techniques and security best practices, including language-specific security practices and present-day threats
- Experience with modern application development languages and frameworks (e.g., Node.js, Java, Golang, Python, React, Angular)
- Experience with assessing and securing large, complex SaaS applications
- Experience leading threat modeling exercises
- Experience leading security projects and initiatives
- One or more relevant security certifications (CEPT, CMWAPT, CPT, CEH, LPT, GWAPT, GPEN, GXPN, OSCP)
- Familiarity with AWS, Docker, Kubernetes, Linux and similar technologies
- iOS/Android mobile application pentesting experience
- Prior software development experience
- Annual Leave: 20 or 26 annual leave days per annum plus an additional day for each year of service (to a max of 5).
- Private Medical Insurance: Luxmed health & dental cover for you and your dependants.
- Commuter Assistance: Up to the value of 80 PLN net a month for public transport.
- Savings Plan: Two company saving plans provided by Nationale Nederlanden: Employee Capital Plan (PPK) & Employee Saving Plan (PPO)
- QED Program: Qualtrics Engineer Development (QED) program: support, engineering learning activities up to 10% of engineering work time each quarter.
- Wellness: Up to the value of 800 PLN gross per quarter can be reimbursed for a variety of wellness activities via our dedicated platform Twic.
- A choice of Multispot cards available.
- Our employee assistance program with Unum provides counselling and wellbeing support to all employees
- Experience bonus: 7000 PLN gross per annum. Qualtrics experience bonus is a program designed to provide experiences to our employees they might not otherwise have.
- Group Life & Income Protection Insurance
- Glasses/Contact lenses Reimbursement
- Free breakfasts, lunches, snacks, and drinks for everyone in the office
- Tax-deductible expenses (up to 75% depending on role)
Applicants in the United States of America have rights under Federal Employment Laws: Family & Medical Leave Act, Equal Opportunity Employment, Employee Polygraph Protection Act
Qualtrics is committed to the inclusion of all qualified individuals. As part of this commitment, Qualtrics will ensure that persons with disabilities are provided with reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please let your Qualtrics contact/recruiter know.