Cybersecurity Engineer 2

Important things for you

• 
  

  Flexible working hours in the hybrid model (4/1) - working hours start between 7:00 a.m. and 9:00 a.m. We also have 30 days of occasional remote work.

  
  


• 
  

  Annual bonus based on your annual performance and company results.

  
  


• 
  

  Our team is based in Warsaw and Poznań.

  
  

About the job

• Massive Scale & Security Challenges: Secure, test and optimize a world-class, cloud and on-prem environment handling thousands of requests per minute. This is high-availability, high-performance security engineering in practice.


• Modern Tech Stack: Work within an advanced ecosystem where core technologies include specialized offensive and defensive security tools, automated SAST/DAST pipelines, C2 frameworks and cutting-edge cryptography. We are also pioneering the security of production-used AI models.


• True Ownership & Autonomy: We live by a "you build it, you run it" philosophy. You'll join an autonomous team with full ownership of your security services - from threat modeling and attack simulation to deploying protective guardrails.


• Complex Architectural Puzzles: From securing distributed systems to tackling novel AI vulnerabilities, you'll solve complex engineering problems that directly protect a massive, real-time marketplace.

We are looking for people who

• Want to be proud of the impact they make; they value high-quality security reviews and engage in substantive discussions on software engineering and security best practices;


• Are open to developing soft skills and embracing a growth mindset through active participation in team retrospectives and cross-team collaborations;


• Are excited about adopting and securing AI technologies, being ready to incorporate AI coding and security assistants into their daily work to maximize efficiency;


• Can look for effective, business-enabling solutions to the security requirements set by our ecosystem;


• Want to constantly develop and update their knowledge in a rapidly shifting threat landscape;


• Know English at at least B2 level and Polish at C1 level.

• Demonstrate high independence and a self-driven approach - you are capable of taking full, end-to-end ownership of offensive engagements (from scoping and initial preparation, through execution, to final reporting and remediation guidance);


• Have hands-on experience managing Red Team operational environments, including Command & Control (C2) frameworks, redirectors and supporting infrastructure;


• Can develop custom payloads, loaders, and exploitation scripts (bypassing modern EDR/XDR) with minimal reliance on public tools;


• Are skilled in executing operations across the MITRE ATT&CK framework in cloud and on-prem environments;


• Are keen on leveraging automation and AI-assisted techniques to improve reconnaissance efficiency and innovate offensive tactics;


• Are skilled in executing operations across the MITRE ATT&CK framework (lateral movement, persistence, evasion) in cloud and on-prem environments;


• Possess deep expertise in manual network/web application exploitation and conducting end-to-end sociotechnical/phishing assessments.

• Have a strong track record in deep-dive manual penetration testing of web/mobile applications, API, AI and secure code reviews.


• Possess practical experience in securing the SDLC - serving as the main liaison for engineering teams, driving threat modeling sessions and delivering actionable security guidance during software development;


• Understand software architecture and development practices - you can review architectural designs and new feature proposals to ensure security controls are embedded from day one (security by design);


• Know how to design, tune and deploy SAST/DAST solutions inside fast-paced CI/CD pipelines without blocking deployment velocity;


• Have experience managing Bug Bounty programs, triaging external vulnerability reports and scripting custom security automation workflows;


• Possess specialized knowledge of AI & LLM Security - you understand modern attack vectors against AI systems (e.g., prompt injection, data leakage, model manipulation) and know how to test them;


• Know how to translate emerging AI regulations (specifically the EU AI Act) into practical technical controls, including establishing guardrails and secure configurations for AI coding agents used by developers.

What's in it for you:

• Well-located offices (with e.g. fully equipped kitchens, bicycle parking, terraces full of greenery) and excellent work tools (e.g., raised desks, ergonomic chairs, interactive conference rooms).


• A 16" or 14" MacBook Pro or corresponding Dell with Windows (if you don't like Macs) and all the necessary accessories.


• A wide selection of fringe benefits in a cafeteria plan - you choose what you like (e.g., medical, sports or lunch packages, insurance, purchase vouchers).


• English classes that we pay for related to the specific nature of your job.


• A training budget, inter-team tourism (see more here), hackathons, and an internal learning platform where you will find multiple trainings.


• An additional day off for volunteering, which you can use alone, with a team, or with a larger group of people connected by a common goal.


• Social events for Allegro people - Spin Kilometers, Family Day, Fat Thursday, Advent of Code, and many other occasions we enjoy.

#goodtobehere means that:

• You will join a team you can count on - we work with top-class specialists who have knowledge- and experience-sharing in their DNA.


• You will love our level of autonomy in team organization, the space for continuous development, and the opportunity to try new things. You get to choose which technology solves the problem and you are responsible for what you create.


• You will be equipped with modern AI tools to automate repetitive tasks, allowing you to focus on analyzing complex threats, developing advanced security automation, and refining secure architectures.


• You will meet the Allegro Scale, which starts with over 1000 microservices, an open-source data bus (Hermes) with 300K+ rps, a Service Mesh with 1M+ rps, tens of petabytes of data, and production-used machine learning.


• You will become part of Allegro Tech - We speak at industry conferences, cooperate with tech communities, run our own blog (it's been over 10 years!), record podcasts, lead guilds, and we organize our own internal conference - the Allegro Tech Meeting. We create solutions we love (and can) to talk about!