Senior Application Security Engineer
Jamf
This is a senior technical leadership role in application security for Jamf's products (Apple device management). You will lead security reviews, threat modeling, and secure architecture design, drive automation of security processes, and mentor less experienced engineers. You'll collaborate with product and infrastructure teams to resolve complex security issues and research emerging threats.
Brakuje: specific programming languages required, exact security assessment tools used.
This is a senior technical leadership role in application security for Jamf's products (Apple device management). You will lead security reviews, threat modeling, and secure architecture design, drive automation of security processes, and mentor less experienced engineers. You'll collaborate with product and infrastructure teams to resolve complex security issues and research emerging threats.
- ✓Mentorship and coaching of junior engineers is a core responsibility
- ✓Opportunity to lead Product Security Champions guild – community building
- ✓Proactive research of emerging threats – promotes innovation
- ✓Small teams and flat structure despite large company size
- ✓Training budget and Apple equipment provided
- ✓Private healthcare and international projects
- !Required experience with Apple device management is niche and may be hard to find
- !Broad range of preferred certifications (GIAC, CEH, CISSP, AWS) may indicate high expectations
- !Incident response involvement may imply on-call duties, not explicitly stated
- !Only accept candidates already based in Poland with sponsorship – no relocation support mentioned
- •Lead security reviews of new and existing products and services to identify and prioritize security risks
- •Champion and improve secure development lifecycle practices including threat modeling and security testing
- •Define secure designs, requirements, and reference architectures, and review implementations for compliance
- •Collaborate with development, product, and infrastructure teams to troubleshoot and resolve complex security issues
- •Design, develop, and deploy security automation tools and processes to scale product security
- •Own and maintain security documentation and reporting for technical and non-technical audiences
- •Research emerging threats and attack vectors relevant to Jamf infrastructure and translate them into improvements
- •Participate in security incident response and post-incident reviews, driving long-term remediation
Oferta dla doświadczonych specjalistów (Senior).
Someone with at least 6 years in software development and application security, 5 years in security principles, 2 years of coding experience, and familiarity with OWASP. They may lack Apple device management or certifications but can demonstrate strong analytical and communication skills.
Junior or mid-level engineers without deep application security experience (less than 6 years). Also not for those who dislike hybrid work (even if only once every two weeks) or prefer purely remote roles. Candidates without the right to work in Poland need to check sponsorship requirements.
- ?What programming languages are most commonly used in the team?
- ?Is there an on-call rotation for incident response? If so, what is the frequency?
- ?How many product security engineers are there, and what are the team's sub-specializations?
- ?What security assessment tools (SAST, DAST, etc.) are currently in use?
- ?What does the mentorship structure look like – are there formal development plans?
- ?What is the approximate budget for training and certifications?
- ?Is there a clear career progression path from this role?
- −Specific programming languages required
- −Exact security assessment tools used
- −On-call expectations for incident response
- −Team size and structure
- −Process for threat modeling and security reviews
Collaborative and inclusive culture with flat structure, emphasis on mentorship and innovation, but also results-driven. The team values autonomy and continuous improvement in security practices.
Na poziomie rynkowym
Dane z aktywnych ofert zawierających technologię AWS. Pełne statystyki zarobków →