As a Security Engineer focused on Application and Product Security at Starburst, you will play a key role in improving the security posture of applications, services and the development ecosystem. You will work closely with engineering teams to integrate security into the software development lifecycle, build secure-by-default patterns and ensure products are resilient against modern threats. The role combines hands-on technical work, security engineering and collaboration with developers, and is based in the Warsaw office with a hybrid model (1-2 days per week onsite).
Responsibilities
- ▹Integrate application security best practices into the development lifecycle and enable automated security checks in CI/CD pipelines
- ▹Support and maintain application security tooling, including SAST, DAST, SCA and secrets scanning, and help developers remediate findings
- ▹Conduct secure code reviews, threat modeling sessions and application architecture assessments
- ▹Develop and maintain security automation, guardrails and reusable components
- ▹Help define and improve secure coding standards and application hardening practices
- ▹Improve application-level logging, telemetry and alerting for monitoring and detection
- ▹Assist in incident response related to application vulnerabilities (verification, triage, remediation)
- ▹Contribute to documentation: security requirements, guidelines, remediation playbooks
- ▹Participate in internal security reviews, compliance-driven assessments and architectural walkthroughs
Requirements
- ▹Bachelor's degree in Computer Science, Engineering, MIS, or equivalent practical experience
- ▹2-5 years of experience in application security, product security, software engineering with a security focus, or a related technical role
- ▹Strong understanding of application vulnerabilities and mitigation strategies (OWASP Top 10, CWE)
- ▹Experience with CI/CD tooling, Git-based workflows and modern development practices
- ▹Familiarity with cloud security concepts and hands-on experience with at least one cloud platform (AWS, Azure or GCP)
- ▹Experience with one or more programming languages such as Python, Go, Java, JavaScript/TypeScript or Ruby (Java and Python preferred)
- ▹Experience with application security tools such as OWASP ZAP, Burp Suite, SAST/DAST, SCA or dependency scanning
- ▹Knowledge of secure coding principles, API security, authentication, authorization and secrets management
- ▹Understanding of agile development processes
- ▹Ability to travel about 25% for onboarding, offsites, customer engagements and company events
Soft skills
What we offer
- ▹Competitive pay
- ▹Attractive stock grants
- ▹Flexible paid time off
- ▹Comprehensive Total Rewards program
About the company
Starburst delivers enterprise intelligence at scale by giving organizations secure, governed access to all their data, wherever it lives. Built on open standards including Trino and Apache Iceberg, Starburst helps enterprises power AI and analytics without the cost and complexity of traditional data consolidation and without vendor lock-in.
