At Qualtrics, we create software the world's best brands use to deliver exceptional frontline experiences, build high-performing teams, and design products people love. But we are more than a platform-we are the creators and stewards of the Experience Management category serving over 18K clients globally. Building a category takes grit, determination, and a disdain for convention-but most of all it requires close-knit, high-functioning teams with an unwavering dedication to serving our customers.

　　When you join one of our teams, you'll be part of a nimble group that's empowered to set aggressive goals and move fast to achieve them. Strategic risks are encouraged and complex problems are solved together, by passing the microphone and iterating until the best solution comes to light. You won't have to look to find growth opportunities-ready or not, they'll find you. From retail to government to healthcare, we're on a mission to bring humanity, connection, and empathy back to business. Join over 6,000 people across the globe who think that's work worth doing

　　Application Security Engineer II - Platform Security Team

　　The Challenge

　　As Qualtrics continues to expand the Experience Management (XM) platform, we must ensure that we're protecting our customers and their data by building and operating secure systems. As over a thousand software & system engineers contribute to Qualtrics XM every day, we have a large attack surface to evaluate and secure.

　　Qualtrics is looking for an experienced security engineer with a passion for security and the aptitude to uncover difficult-to-identify security bugs which require detailed knowledge of our complex systems. The selected candidate will work within the Application Security team and provide support across the product engineering organization.

　　The Application Security team is responsible for measures to improve and ensure the security of web & mobile applications, code and related components in Qualtrics SaaS products (including those of our acquired companies). The team owns secure development standards and training, security testing tools focused on the application layer (e.g., SAST, DAST, IAST, SCA), threat modeling, penetration testing, red team, bug bounty and vulnerability disclosure programs. Application Security works in collaboration with other teams within the Information Security organization, including infrastructure and cloud security, vulnerability management, security operations and incident response, and security assurance.

　　A Day in the Life

　　Use manual penetration testing techniques to identify or validate vulnerabilities in Qualtrics web applications, systems, networks and mobile applicationsLeverage your accumulated knowledge of Qualtrics applications, systems and code, as well as findings from SAST, DAST, IAST, network vulnerability scanners and similar assessment tools to augment manual testingManage bug bounty and vulnerability disclosure programs, including the triage and validation of reported findingsOrganize and/or support internal purple and red team exercises to systematically evaluate Qualtrics environments for security flawsDocument remediation recommendations and collaborate with engineers to ensure vulnerability findings are successfully and efficiently addressedDocument and improve secure SDL processes, standards and guidelinesDeliver training and provide mentoring to software engineers on security topicsFacilitate threat modeling exercises to ensure optimized security design decisions are being madeMake recommendations for architecture & design improvements to address recurring issuesAutomate redundant tasks for assessment and related activities in order to optimize our team's efficiency and reachReview source code & software/system designs, and consult with software engineers across the organization to identify and/or avoid security issues through alignment to security standards

　　The Expectation for Success

　　You will work effectively with the Qualtrics product engineering organization and fellow security engineers, providing reliable technical security expertise to identify and resolve security issues. You will seek to streamline and automate processes in order to deliver maximum results in limited time.

　　Minimum Qualifications

　　Bachelor's degree in Computer Science or a related fieldMinimum 2 years of relevant work experienceExperience performing manual web application penetration testing as a job responsibility, including the use of professional penetration testing tools (e.g., Burp Suite)Experience performing security reviews of source code & software/system designsUnderstanding of application security vulnerabilities (e.g., OWASP Top 10), defense techniques and security best practices, including language-specific security practices and present-day threatsExperience with modern application development languages and frameworks (e.g., Node.js, Java, Golang, Python, React, Angular)

　　Preferred Qualifications

　　Experience with assessing and securing large, complex SaaS applicationsExperience in threat modeling exercisesExperience in security projects and initiativesNice to have: one or more relevant security certifications (e.g., CEPT, CMWAPT, CPT, CEH, LPT, GWAPT, GPEN, GXPN, OSCP)Familiarity with AWS, Docker, Kubernetes, Linux and similar technologiesiOS/Android mobile application pentesting experiencePrior software development experience

　　Our Team's Favourite Perks and Benefits

　　Annual Leave: 20 or 26 annual leave days per annum plus an additional day for each year of service (to a max of 5).Private Medical Insurance- Luxmed health & dental cover for you and your dependants.Commuter Assistance- Up to the value of 80 PLN net a month for public transport.Savings Plan- Two company saving plans provided by Nationale Nederlanden: Employee Capital Plan (PPK) & Employee Saving Plan (PPO)QED PROGRAM- Qualtrics Engineer Development (QED) program: support, engineering learning activities up to 10% of engineering work time each quarter.Wellness- Up to the value of 800PLN gross per quarter can be reimbursed for a variety of wellness activities via our dedicated platform Twic.A choice of Multispot cards available.Our employee assistance program with Unum provides counselling and wellbeing support to all employeesExperience bonus- 7000 PLN gross per annum. Qualtrics experience bonus is a program designed to provide experiences to our employees they might not otherwise have.Group Life & Income Protection InsuranceGlasses/Contact lenses ReimbursementFree breakfasts, lunches, snacks, and drinks for everyone in the officeTax-deductible expenses (up to 75% depending on role)

　　Qualtrics is an equal opportunity employer meaning that all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic.

　　Applicants in the United States of America have rights under Federal Employment Laws: Family & Medical Leave Act, Equal Opportunity Employment, Employee Polygraph Protection Act

　　Qualtrics is committed to the inclusion of all qualified individuals. As part of this commitment, Qualtrics will ensure that persons with disabilities are provided with reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please let your Qualtrics contact/recruiter know.

　　Qualtrics Work Experience - As we look to the future, we believe that our teams are better together. Being together will help us learn more, grow faster and ultimately deliver better results for our customers and Qualtrics. Roles tied to an office location work 4 days per week in the office together and 1 day from home, with a strong spirit of flexibility around taking time for personal, health, and family moments in our work weeks. Our managers work with their teams to create a collaborative, engaged work environment, and arrangement that works for each of our team members.

　　Not finding a role that's the right fit for now? Qualtrics Insiders is the one-stop shop for all things Qualtrics Life. Sign up for exclusive access to content created with you in mind and get the scoop on what we have going on at Qualtrics - upcoming events, behind the scenes stories from the team, interview tips, hot jobs, and more. No spam - we promise! You'll hear from us two times a month max with fresh, totally tailored info - so be sure to stay connected as you explore your best role and company fit.