About the Role

As an Application Security Engineer (Offensive Testing), you will lead and perform penetration testing and DAST for Veeam Data Cloud products. You’ll use Burp Suite and modern web/API testing techniques to find real, exploitable issues, help prioritize risk, and work with engineering teams to drive fixes to completion.

You will also improve testing tools and processes, make testing more repeatable, and help teams prevent recurring vulnerabilities—especially around authentication, authorization, session management, and tenant isolation.

What You’ll Do

• Own offensive testing: plan what to test, how deep to go, and how often; create clear, consistent reports and reusable playbooks
• Perform manual pentesting (main focus): test web apps and APIs, especially authentication/authorization, multi-tenant boundaries, and critical workflows; chain issues into realistic attack paths
• Use Burp Suite daily: validate and reproduce findings with advanced Burp features; build and maintain repeatable scopes, macros, and authenticated flows
• Run and improve DAST: execute and tune authenticated scans, reduce false positives, and work with CI/platform teams to scale scanning and manage credentials
• Drive remediation: deliver high-quality write-ups, partner with engineers to fix and retest, and help prevent regressions; ensure findings are tracked with the right severity and SLAs
• Improve security long-term: spot recurring patterns and help teams prevent them through standards, libraries, platform controls, and input to threat modeling/design reviews

What You’ll Bring

• Strong web and API pentesting experience, especially in authorization (IDOR/BOLA, privilege escalation, role/tenant boundaries), authentication/session flows (tokens, identity integrations), and common vulnerabilities (injection, SSRF, deserialization, misconfigurations) with practical exploitation skills
• Advanced Burp Suite skills: manual validation, targeted fuzzing, authenticated testing, and workflow automation (extensions/macros)
• Experience writing Semgrep rules to detect insecure patterns and improve secure-by-default development
• DAST experience at scale: running or supporting authenticated scans, tuning coverage, and reducing false positives
• Clear written communication: concise PoCs and actionable remediation guidance for engineers

Bonus Skills

• SaaS multi-tenant security testing experience; OAuth2/OIDC/SAML depth; bug bounty triage; writing custom tooling or Burp extensions

What You’ll Get 

• 26 paid days off annually, plus 4 extra global VeeaMe Days for self-care and 24 paid volunteer hours annually through Veeam Cares
• Paid parental, maternity, and paternity leave
• Fully covered family medical plan, dental, rehab, and vaccinations
• Life, critical illness, and disability insurance
• Employer pension contribution via PPK
• Monthly Edenred allowance of 450 PLN for meals
• MultiSport card fully covered by Veeam, giving access to sports facilities nationwide
• Up to 12 free therapy sessions annually, plus legal and financial advice
• Opportunities to learn and grow through on-demand libraries (LinkedIn Learning, O’Reilly), mentoring, workshops and learning events like our annual Global Day of Learning

Please note: If the applicant is permanently present outside of Poland, Veeam reserves the right to refuse to consider the application for a job. Remote job is only possible in case the employee is located in Poland.

#LI-GD1
#Hybrid

As PandaDoc continues to scale, we’re expanding our security team and looking for an Application Security Engineer to help shape and strengthen our security foundations. In this role, you’ll take ownership of key security initiatives across our application, working closely with engineering to embed security into every stage of development. You’ll contribute to building a proactive, automation-driven security culture while addressing both current risks and emerging challenges, including AI security.

In this role, you will:

• Monitor and test information systems to identify vulnerabilities
• Execute or manage the remediation of identified vulnerabilities
• Respond to security incidents and perform root cause analysis
• Assess and understand PandaDoc’s current security framework and future architecture, providing recommendations for risk reduction
• Design, implement, maintain, and evangelize automated security solutions
• Work closely with engineering teams to implement new security controls
• Analyze and monitor relevant security threats and prevention measures based on industry trends and standards
• Perform cloud services hardening, including reviewing roles and permissions for services and APIs
• Help address emergent threats in AI security as PandaDoc deploys AI in its product and for internal use

Our stack:

• Service-oriented architecture
• Two main stacks: Java and Python
• Amazon Web Services: EKS, RDS, ElastiCache, etc.
• A combination of AWS native and 3rd party security tools for infrastructure and application security  (WAF, CNAPP, SCA/SAST, DAST, AWS GuardDuty, etc.)

About you:

• 2+ years of cloud security experience implementing security controls and best practices in AWS, GCP, or Microsoft Azure
• 2+ years of experience with security management tools, including IPS/IDS, WAF, vulnerability scanning, and penetration testing
• Good understanding of Access Control and Identity Access Management principles (SAML 2.0, OAuth, JWT, etc) 
• Experience with implementing DevSecOps practices in SSDLC
• Solid interpersonal, written, and verbal communication skills
• Upper-Intermediate English level (B2+)

Company Overview: 

PandaDoc empowers more than 60,000 growing organizations to thrive by taking the work out of document workflow. PandaDoc provides an all-in-one document workflow automation platform that helps fast scaling teams accelerate the ability to create, manage, and sign digital documents including proposals, quotes, contracts, and more.  For more information, please visit https://www.pandadoc.com.

Company Culture: 

We're known for our work-life balance, kind co-workers, & creative virtual team-bonding events. And although our Pandas are located across the globe, we stay connected with the help of technology and ensure that everyone on our team feels, well, like a team.

Pandas work best when they're happy. We retain our talent by upholding our values of integrity & transparency, and selling a product that changes the lives of our customers. 

Check out our LinkedIn to learn more.

Salary:

The monthly base salary for this role is up to 21000 PLN to 24,750 PLN.

Benefits:

Our team members and their families have access to comprehensive benefits including:

• Multisport Card for fitness and wellness activities (individual or family plan)
• LuxMed healthcare coverage (individual or family plan)
• UNUM life insurance protection (individual or family plan)
• Onboarding benefit allowance that can be used for necessary work equipment and setup
• 6 self-care days beyond standard Polish vacation entitlements 
• Wellness, learning and development budgets
• Employees may be able to purchase company stock or receive annual bonuses.

PandaDoc is an Equal Opportunity Employer. We are committed to equal treatment of all employees without regard to race, national origin, religion, gender, age, sexual orientation, veteran status, physical or mental disability or other basis protected by law.

EXTERNAL RECRUITERS

Approval Requirement

The use of external recruiters/staffing agencies requires prior approval from our HR Team. The HR Team at PandaDoc requests that external recruiters/staffing agencies not to contact PandaDoc employees directly in an attempt to present candidates. Complying with this request will be a factor in determining future professional relationships with PandaDoc.