Application Security Engineer II (Mid) logo
Job TitleApplication Security Engineer II (Mid)
Business Stream:Qualtrics

Application Security Engineer II - Platform Security Team

At Qualtrics, we create software the world’s best brands use to deliver exceptional frontline experiences, build high-performing teams, and design products people love. But we are more than a platform—we are the creators and stewards of the Experience Management category serving over 18K clients globally. Building a category takes grit, determination, and a disdain for convention—but most of all it requires close-knit, high-functioning teams with an unwavering dedication to serving our customers.  When you join one of our teams, you’ll be part of a nimble group that’s empowered to set aggressive goals and move fast to achieve them. Strategic risks are encouraged and complex problems are solved together, by passing the microphone and iterating until the best solution comes to light. You won’t have to look to find growth opportunities—ready or not, they’ll find you. From retail to government to healthcare, we’re on a mission to bring humanity, connection, and empathy back to business. Join over 6,000 people across the globe who think that’s work worth doing 

The Challenge

As Qualtrics continues to expand the Experience Management (XM) platform, we must ensure that we’re protecting our customers and their data by building and operating secure systems. As over a thousand software & system engineers contribute to Qualtrics XM every day, we have a large attack surface to evaluate and secure.

Qualtrics is looking for an experienced security engineer with a passion for security and the aptitude to uncover difficult-to-identify security bugs which require detailed knowledge of our complex systems. The selected candidate will provide subject matter expertise within the Application Security team and across the product engineering organization.

The Application Security team is responsible for measures to improve and ensure the security of web & mobile applications, code and related components in Qualtrics SaaS products (including those of our acquired companies). The team owns secure development standards and training, security testing tools focused on the application layer (e.g., SAST, DAST, IAST, SCA), threat modeling, penetration testing, red team, bug bounty and vulnerability disclosure programs. Application Security works in collaboration with other teams within the Information Security organization, including infrastructure and cloud security, vulnerability management, security operations and incident response, and security assurance.

A Day in the Life

  • Use manual penetration testing techniques to identify or validate vulnerabilities in Qualtrics web applications, systems, networks and mobile applications
  • Leverage your accumulated subject matter expertise of Qualtrics applications, systems and code, as well as findings from SAST, DAST, IAST, network vulnerability scanners and similar assessment tools to augment manual testing
  • Manage bug bounty and vulnerability disclosure programs, including the triage and validation of reported findings
  • Organize and lead internal purple and red team exercises to systematically evaluate Qualtrics environments for security flaws
  • Document remediation recommendations and collaborate with engineers to ensure vulnerability findings are successfully and efficiently addressed
  • Document and improve secure SDL processes, standards and guidelines
  • Deliver training and provide mentoring to software engineers on security topics
  • Facilitate threat modeling exercises to ensure optimized security design decisions are being made
  • Make recommendations for architecture & design improvements to address recurring issues
  • Automate redundant tasks for assessment and related activities in order to optimize our team’s efficiency and reach
  • Review source code & software/system designs, and consult with software engineers across the organization to identify and/or avoid security issues through alignment to security standards 

The Expectation for Success

You will work effectively with the Qualtrics product engineering organization and fellow security engineers, providing reliable technical security expertise to identify and resolve security issues. You will seek to streamline and automate processes in order to deliver maximum results in limited time. 

Skills That Will Lead to Success

  • Bachelor’s degree in Computer Science or a related field
  • Minimum 2 years of relevant work experience
  • At least one year performing manual web application penetration testing as a primary job responsibility, including the use of professional penetration testing tools (e.g., Burp Suite)
  • Experience performing security reviews of source code & software/system designs
  • Sound understanding of application security vulnerabilities (e.g., OWASP Top 10), defense techniques and security best practices, including language-specific security practices and present-day threats
  • Experience with modern application development languages and frameworks (e.g., Node.js, Java, Golang, Python, React, Angular) 

Preferred Qualifications

  • Experience with assessing and securing large, complex SaaS applications
  • Experience leading threat modeling exercises
  • Experience leading security projects and initiatives
  • One or more relevant security certifications (CEPT, CMWAPT, CPT, CEH, LPT, GWAPT, GPEN, GXPN, OSCP)
  • Familiarity with AWS, Docker, Kubernetes, Linux and similar technologies
  • iOS/Android mobile application pentesting experience
  • Prior software development experience

Our Team’s Favourite Perks and Benefits

  • Annual Leave: 20 or 26 annual leave days per annum plus an additional day for each year of service (to a max of 5).
  • Private Medical Insurance- Luxmed health & dental cover for you and your dependants.
  • Commuter Assistance- Up to the value of 80 PLN net a month for public transport.
  • Savings Plan- Two company saving plans provided by Nationale Nederlanden: Employee Capital Plan (PPK) & Employee Saving Plan (PPO)
  • QED PROGRAM- Qualtrics Engineer Development (QED) program: support, engineering learning activities up to 10% of engineering work time each quarter.
  • Wellness- Up to the value of 800PLN gross per quarter can be reimbursed for a variety of wellness activities via our dedicated platform Twic.
  • A choice of Multispot cards available.
  • Our employee assistance program with Unum provides counselling and wellbeing support to all employees
  • Experience bonus- 7000 PLN gross per annum. Qualtrics experience bonus is a program designed to provide experiences to our employees they might not otherwise have.
  • Group Life & Income Protection Insurance
  • Glasses/Contact lenses Reimbursement
  • Free breakfasts, lunches, snacks, and drinks for everyone in the office
  • Tax-deductible expenses (up to 75% depending on role)