Offensive Security Engineer II

Job description

At Qualtrics, we create software the world’s best brands use to deliver exceptional frontline experiences, build high-performing teams, and design products people love.

But we are more than a platform—we are the creators and stewards of the Experience Management category serving over 18K clients globally.

Building a category takes grit, determination, and a disdain for convention—but most of all it requires close-knit, high-functioning teams with an unwavering dedication to serving our customers.

When you join one of our teams, you’ll be part of a nimble group that’s empowered to set aggressive goals and move fast to achieve them.

Strategic risks are encouraged and complex problems are solved together, by passing the microphone and iterating until the best solution comes to light.

You won’t have to look to find growth opportunities—ready or not, they’ll find you.

From retail to government to healthcare, we’re on a mission to bring humanity, connection, and empathy back to business.

Join over 5,000 people across the globe who think that’s work worth doing.

**Offensive Security Engineer II - Krakow, PL**

**Why We Have This Role**

Qualtrics operates in an environment where security threats are constantly evolving, making it essential to prioritize security across our operations.

The Offensive Security Engineer plays a vital role in strengthening our products and infrastructure by proactively identifying and exploiting security vulnerabilities, helping to safeguard against evolving threats before they can be exploited.

This individual will conduct thorough security assessments and penetration tests across applications and infrastructure, collaborating closely with development and operations teams to identify weaknesses and support effective remediation efforts.

Their contributions are vital in protecting customer data, strengthening the company's reputation, and ensuring that we deliver secure services consistently.

​

**How You’ll Find Success**

+ Offensive Security Security Mindset: Demonstrate a deep technical understanding of security vulnerabilities from an attacker’s perspective, embodying the “Try Harder” ethos as a disciplined, resilient, and methodical approach to overcoming challenges through curiosity, creativity, and sustained effort.
+ Proactive Initiative: Take ownership of security-related outcomes, actively gathering necessary context to work autonomously toward the goals of platform security.
+ Effective Communication: Foster trust and collaboration by communicating clearly and effectively across all levels of the organization.
+ Security Knowledge: Possess an extensive understanding of security concerns related to products, cloud environments, and infrastructure, providing valuable insights.
+ Collaborative Spirit: Build strong relationships across various product teams to propel security initiatives forward and facilitate cohesive security practices.
+ Analytical Thinking: Demonstrate sound judgment and problem-solving abilities in addressing complex security issues efficiently.
+ Commitment to Learning: Keep pace with the latest trends and developments in security, continuously enhancing your expertise in threat mitigation and security best practices.

**How You’ll Grow**

+ Deepening Security Knowledge: Deepen your expertise in key areas of offensive security, such as penetration testing, secure coding practices, threat modeling, and application vulnerability management, allowing you to tackle increasingly complex security challenges within our product development lifecycle.
+ Leadership in Security Initiatives: Take the lead on critical security initiatives, including driving security assessments, code review processes, strengthening your leadership capabilities and making a measurable impact on our security posture.
+ Strategic Influence: Collaborate with cross-functional teams to shape and influence security policies and frameworks, contributing to the overall security strategy of the organization and enhancing your ability to drive organizational change.
+ Knowledge Development: Remain current with security trends, augmenting your understanding of emerging threats and innovative solutions.
+ Innovation and Research: Explore and experiment with new security technologies and methodologies, providing innovative solutions to security challenges and reinforcing your position as a key contributor to the organization’s security advancements.

**Things You’ll Do**

+ Perform thorough white, grey and black-box penetration testing specifically focused on identifying security vulnerabilities in Qualtrics web applications.
+ Produce clear, comprehensive business and technical documentation for all penetration testing engagements, effectively communicating findings, risks, and remediation recommendations to both technical teams and executive stakeholders.
+ Work with engineering teams to design and develop applications that incorporate security best principles.
+ Analyze software applications for security vulnerabilities using manual and automated source code review tooling.
+ Identify security risks and weaknesses in software architecture by performing application threat modeling.
+ Use security testing tools to identify, track, and fix vulnerabilities in applications and enterprise infrastructure.
+ Maintain and generate reports on application and infrastructure security posture metrics, KPIs, and vulnerabilities to support enterprise and security architects.
+ Conduct internal pen test engagements with the Qualtrics Security Operations teams and Engineering stakeholders.
+ Collaborate with Engineering teams through multiple channels including application review sessions, threat modeling, and security champions program.
+ Own and operate the Qualtrics vulnerability disclosure and bug bounty programs.

**What We’re Looking For On Your Resume**

+ Minimum of 3 years of recent experience in offensive security.
+ Conduct comprehensive penetration testing on complex web applications, identifying and exploiting vulnerabilities.
+ Produce clear, comprehensive business and technical documentation for penetration testing engagements, effectively communicate findings, risks, and remediation recommendations to both technical teams and executive stakeholders.
+ Familiarity with application security frameworks (e.g., OWASP Top Ten).
+ Relevant pentesting-related security certifications such as, but not limited to CEH, GWAPT, GPEN, OSCP, GCIH, OSEP.
+ Demonstrated track record of discovering, reporting, and responsibly disclosing Common Vulnerabilities and Exposures (CVEs).
+ Strong knowledge of AWS security best practices including IaC, as it pertains to hardening a cloud-centric infrastructure.
+ Experience with the Secure Development Lifecycle (SDL) framework and its phases.
+ Bachelor's degree from an accredited college or university in Computer Science, Information Technology or Engineering, or relevant work experience
+ Development experience using either Python, JavaScript, Ruby, Go, or other relevant language; minimum three years of recent work experience identifying and mitigating security issues in software and knowledge of secure code development best practices.
+ Experience using SAST, SCA, DAST, and CNAPP tools.
+ Excellent communication skills and meticulous attention to detail;

Remember, we’re more interested in the achievements you’ve made over the years than the number of years you’ve worked.

If you have confidence in your abilities but hesitate to apply due to self-doubt, we encourage you to take the leap.

**What You Should Know About This Team**

+ Innovative Environment: The Security Engineering team is at the forefront of Qualtrics' cutting-edge advancements in Experience Management and AI, employing advanced technologies to enhance the integrity and security of our platform.
+ Critical Function: Our efforts are foundational to the insights our clients derive across their entire lifecycle, from employee experience to market research.

By securing vital data, we empower organizations to bridge the digital divide and roll out intuitive products globally.
+ Technical Expertise: Though we have a specialized focus on security, our work is highly technical and innovatively driven, rooted in complex problem-solving.
+ Significant Impact: By ensuring robust security and data protection, our team significantly enhances the quality and trustworthiness of Qualtrics' offerings, reinforcing customer confidence.
+ Growth-Oriented Culture: We promote a learning environment where team members can work with advanced tools and methodologies, expanding their skill sets while contributing to the company’s ambitious mission.

Joining our team means stepping into a role that's vital, challenging, and deeply linked to Qualtrics' aim of reshaping industries by harnessing the power of Experience Management and AI.

**Our Team’s Favorite Perks and Benefits**

+ Wellness Reimbursement for $300 per quarter for wellness activities including gym memberships, spa massages, workout equipment, meditation apps, and much more.
+ $1800 Experience bonus to be used for an “Experience” of your choosing
+ Amazing QGroup Communities; MOSAIQ, Green Team, Qualtrics Pride, Q&Able, Qualtrics Salute, and Women’s Leadership Development, which exist as places for support, allyship, and advocacy.

**The Qualtrics Hybrid Work Model:** Our hybrid work model is elegantly simple: we all gather in the office three days a week; Mondays and Thursdays, plus one day selected by your organizational leader.

These purposeful in-person days in thoughtfully designed offices help us do our best work and harness the power of collaboration and innovation.

For the rest of the week, work where you want, owning the integration of work and life.

Qualtrics is an equal opportunity employer meaning that all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic.

​​​​​​​Applicants in the United States of America have rights under Federal Employment Laws:Family & Medical Leave Act (https://www.dol.gov/agencies/whd/posters/fmla) , Equal Opportunity Employment (https://www.eeoc.gov/poster) , Employee Polygraph Protection Act (https://www.dol.gov/agencies/whd/posters/employee-polygraph-protection-act)

Qualtrics is committed to the inclusion of all qualified individuals.

As part of this commitment, Qualtrics will ensure that persons with disabilities are provided with reasonable accommodations.

If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please let your Qualtrics contact/recruiter know.

Not finding a role that’s the right fit for now?

Qualtrics Insiders is the one-stop shop for all things Qualtrics Life.

Sign up for exclusive access to content created with you in mind and get the scoop on what we have going on at Qualtrics - upcoming events, behind the scenes stories from the team, interview tips, hot jobs, and more.

No spam - we promise! You'll hear from us two times a month max with fresh, totally tailored info - so be sure to stay connected as you explore your best role and company fit.

Required Skill Profession

Other General