Infosec Engineer II - Security Operations Team

Krakow, Poland


Know what your customers and employees need, when they need it, and deliver it every time with powerful, AI driven Experience Management (XM) software.

View company page

At Qualtrics, we create software the world’s best brands use to deliver exceptional frontline experiences, build high-performing teams, and design products people love. But we are more than a platform—we are the creators and stewards of the Experience Management category serving over 18K clients globally. Building a category takes grit, determination, and a disdain for convention—but most of all it requires close-knit, high-functioning teams with an unwavering dedication to serving our customers. 
When you join one of our teams, you’ll be part of a nimble group that’s empowered to set aggressive goals and move fast to achieve them. Strategic risks are encouraged and complex problems are solved together, by passing the microphone and iterating until the best solution comes to light. You won’t have to look to find growth opportunities—ready or not, they’ll find you. From retail to government to healthcare, we’re on a mission to bring humanity, connection, and empathy back to business. Join over 6,000 people across the globe who think that’s work worth doing


Application Security Engineer II - Platform Security Team

The Challenge

As Qualtrics continues to expand the Experience Management (XM) platform, we must ensure that we’re protecting our customers and their data by building and operating secure systems. As over a thousand software & system engineers contribute to Qualtrics XM every day, we have a large attack surface to evaluate and secure.

Qualtrics is looking for an experienced security engineer and penetration tester with a passion for security and the aptitude to uncover difficult-to-identify security bugs which require detailed knowledge of our complex systems. The selected candidate will provide subject matter expertise within the Application Security team and across the product engineering organization.

The Application Security team is responsible for measures to improve and ensure the security of web & mobile applications, code and related components in Qualtrics SaaS products (including those of our acquired companies). The team owns secure development standards and training, security testing tools focused on the application layer (e.g., SAST, DAST, IAST, SCA), threat modeling, penetration testing, red team, bug bounty and vulnerability disclosure programs. Application Security works in collaboration with other teams within the Information Security organization, including infrastructure and cloud security, vulnerability management, security operations and incident response, and security assurance.


A Day in the Life

  • Use manual penetration testing techniques to identify or validate vulnerabilities in Qualtrics web applications, systems, networks and mobile applications
  • Leverage your accumulated subject matter expertise of Qualtrics applications, systems and code, as well as findings from SAST, DAST, IAST, network vulnerability scanners and similar assessment tools to augment manual testing
  • Manage bug bounty and vulnerability disclosure programs, including the triage and validation of reported findings
  • Organize and lead internal purple and red team exercises to systematically evaluate Qualtrics environments for security flaws
  • Document remediation recommendations and collaborate with engineers to ensure vulnerability findings are successfully and efficiently addressed
  • Review source code & software/system designs, and consult with software engineers across the organization to identify and/or avoid security issues through alignment to security standards
  • Document and improve secure SDL processes, standards and guidelines
  • Deliver training and provide mentoring to software engineers on security topics
  • Facilitate threat modeling exercises to ensure optimized security design decisions are being made
  • Make recommendations for architecture & design improvements to address recurring issues
  • Automate redundant tasks for assessment and related activities in order to optimize our team’s efficiency and reach


The Expectation for Success

You will work effectively with the Qualtrics product engineering organization and fellow security engineers, providing reliable technical security expertise to identify and resolve security issues. You will seek to streamline and automate processes in order to deliver maximum results in limited time.


Skills That Will Lead to Success

  • Bachelor’s degree in Computer Science or a related field
  • Minimum 2 years of relevant work experience
  • At least one year performing manual web application penetration testing as a primary job responsibility, including the use of professional penetration testing tools (e.g., Burp Suite)
  • Experience performing security reviews of source code & software/system designs
  • Sound understanding of application security vulnerabilities (e.g., OWASP Top 10), defense techniques and security best practices, including language-specific security practices and present-day threats
  • Experience with modern application development languages and frameworks (e.g., Node.js, Java, Golang, Python, React, Angular)


Preferred Qualifications

  • Experience with assessing and securing large, complex SaaS applications
  • Experience leading threat modeling exercises
  • Experience leading security projects and initiatives
  • One or more relevant security certifications (CEPT, CMWAPT, CPT, CEH, LPT, GWAPT, GPEN, GXPN, OSCP)
  • Familiarity with AWS, Docker, Kubernetes, Linux and similar technologies
  • iOS/Android mobile application pentesting experience
  • Prior software development experience


Our Team’s Favourite Perks and Benefits
  • Annual Leave: 20 or 26 annual leave days per annum plus an additional day for each year of service (to a max of 5).
  • Private Medical Insurance- Luxmed health & dental cover for you and your dependants.
  • Commuter Assistance- Up to the value of 80 PLN net a month for public transport.
  • Savings Plan- Two company saving plans provided by Nationale Nederlanden: Employee Capital Plan (PPK) & Employee Saving Plan (PPO)
  • QED PROGRAM- Qualtrics Engineer Development (QED) program: support, engineering learning activities up to 10% of engineering work time each quarter.
  • Wellness- Up to the value of 800PLN gross per quarter can be reimbursed for a variety of wellness activities via our dedicated platform Twic.
  • A choice of Multispot cards available.
  • Our employee assistance program with Unum provides counselling and wellbeing support to all employees
  • Experience bonus- 7000 PLN gross per annum. Qualtrics experience bonus is a program designed to provide experiences to our employees they might not otherwise have.
  • Group Life & Income Protection Insurance
  • Glasses/Contact lenses Reimbursement
  • Free breakfasts, lunches, snacks, and drinks for everyone in the office
  • Tax-deductible expenses (up to 75% depending on role)


Qualtrics is an equal opportunity employer meaning that all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic.
Applicants in the United States of America have rights under Federal Employment Laws: Family & Medical Leave Act, Equal Opportunity Employment, Employee Polygraph Protection Act

Qualtrics is committed to the inclusion of all qualified individuals. As part of this commitment, Qualtrics will ensure that persons with disabilities are provided with reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please let your Qualtrics contact/recruiter know.
Qualtrics Work Experience - As we look to the future, we believe that our teams are better together. Being together will help us learn more, grow faster and ultimately deliver better results for our customers and Qualtrics. Roles tied to an office location work 4 days per week in the office together and 1 day from home, with a strong spirit of flexibility around taking time for personal, health, and family moments in our work weeks. Our managers work with their teams to create a collaborative, engaged work environment, and arrangement that works for each of our team members.
Not finding a role that’s the right fit for now? Qualtrics Insiders is the one-stop shop for all things Qualtrics Life. Sign up for exclusive access to content created with you in mind and get the scoop on what we have going on at Qualtrics - upcoming events, behind the scenes stories from the team, interview tips, hot jobs, and more. No spam - we promise! You'll hear from us two times a month max with fresh, totally tailored info - so be sure to stay connected as you explore your best role and company fit.


Apply now Apply later
  • Share this job via
  • or

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Android Application security AWS Burp Suite CEH Cloud Computer Science DAST Docker Golang GPEN GWAPT GXPN IAST Incident response iOS Java Kubernetes Linux Node.js OSCP OWASP Pentesting Polygraph Python Red team SaaS SAST Vulnerabilities Vulnerability management

Perks/benefits: Career development Health care Home office stipend Insurance Medical leave Salary bonus Signing bonus Startup environment Team events Wellness

Region: Europe
Country: Poland
Job stats:  15  1  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.