Product Security & Incident Response
At Cyclad, we work with top international IT companies to boost their potential in delivering outstanding, cutting-edge technologies that shape the world of the future. Currently, we are looking for an experienced Product Security & Incident Response Engineer.
Project information:
Location: Kraków
Type of employment: B2B contract
Remuneration: 190 - 210 PLN net + VAT per hour on B2B
Project language: English
Your tasks:
Manage the full vulnerability lifecycle for products: intake, triage, risk assessment, remediation tracking, disclosure, and closure.
Lead vulnerability triage and risk assessment: analyze exploitability, product/system exposure, and prioritize engineering remediation.
Develop and implement triage workflows, prioritization criteria, escalation processes, and operational decision frameworks.
Advise on tools and workflow architecture (e.g., ServiceNow VM, vulnerability management platforms, SIEM/SOAR integration).
Create PSIRT documentation and process artifacts: SOPs, playbooks, RACI models, escalation procedures, and regulatory notification workflows.
Coordinate with SOC, DevOps, R&D, engineering, and operations for alerts, incident response, and remediation handoff.
Monitor and improve PSIRT KPIs, dashboards, and post-incident processes.
Provide training and operational guidance to internal teams.
Requirements:
Experience in PSIRT, product security, or pre-CERT operations, ideally with industrial, embedded/IoT, or complex software products.
Practical experience in vulnerability triage, CVE analysis, exploitability assessment, and remediation planning.
Knowledge of CVSS and building severity models with contextual modifiers (safety, regulatory, operational impact).
Experience with tools like ServiceNow VM, Tenable, Qualys, Kenna, or equivalent vulnerability management platforms.
Ability to design data models and metadata taxonomies for vulnerabilities, product/firmware lineage, and ownership.
Experience creating operational procedures, playbooks, and escalation processes.
Strong communication and collaboration skills; fluent in English.
We offer:
Private medical care with dental care (covering 70% of costs) + rehabilitation package. Family package option possible.
Multisport card (also for an accompanying person).
Life insurance.
Work with talented engineers on large-scale, technically challenging projects.