Application Security Expert

G2A.COM is the world's largest marketplace for digital entertainment. On our platform, over 35 million people from 180 countries have already purchased more than 135 million digital items. Why? Sellers from all over the world present a rich offering of over 95,000 digital codes for games, software, gift cards, subscriptions, DLCs, in-game items, and various digital entertainment. We are a safe marketplace, where sellers guarantee instant delivery.

What else sets us apart? G2A.COM is a place co-created by a team of around 400 exceptional experts representing 10 nationalities. Most of us work in a hybrid model, some remotely, or on-site in a chosen location. Our R&D center is in Rzeszow, we also have offices in Warsaw and Krakow. The company's main headquarters are in Hong Kong, with the central office in Amsterdam.

We address each other by our first name, we are supportive, and we share knowledge. We operate based on DEI values – Diversity, Equity, and Inclusion and provide extensive development opportunities – in 2024 over 94 development and wellbeing events and in 2025, we have already held 46. We work in a dynamically changing environment, continuously implementing and utilizing the latest technologies such as artificial intelligence (AI) or augmented reality (AR).

Our mission is to seek new opportunities, pursue continuous growth, and deliver engaging entertainment. G2A’s vision is to build and strengthen its position as a leader in the digital industry by creating a comprehensive, integrated digital ecosystem based on innovative technologies and cutting-edge cybersecurity solutions.

As part of our “First in Digital, Digital First” strategy, we emphasize the balance between being external innovators and internal drivers of progress—leading digital transformation while simultaneously developing people to thrive in an ever-changing environment. This approach allows us to shape a future where technology and human potential go hand in hand, delivering exceptional results and driving sustainable growth.

We regularly check job satisfaction. According to the latest survey, as many as 96% of people trust themselves and support one another, 97% appreciate teamwork, and 83% highly value managerial support. The average tenure at G2A.COM is an impressive 5 years. This is simply a place where people want to be.

We place particular emphasis on maintaining a healthy work–life balance, as well as on the value of Deliver Value – providing value to the user, the company, oneself, and the people we work or collaborate with

By joining us, you will have the opportunity to collaborate and create projects with international brands such as Google, PayPal, Amazon, VISA, Mastercard, PayU, EY, Synerise, Modivo, Empik, and Microsoft. We think and act globally, and in our daily work, we are guided by analysis and data, although intuition and experience-based insights are also considered a significant asset. We invite you to join us on the journey of co-creating Gate2Adventure – the gateway to the world of digital entertainment. 

We’re waiting for you!

Join our Security & Resilience Team as an Application Security Expert and leverage your extensive experience in system protection and implementing cybersecurity best practices. You will play a crucial role in ensuring the high security level of web applications and content-sharing tools. Your responsibilities will include standardizing control mechanisms, developing security guidelines, and defining standards to guarantee the stability and resilience of our solutions. You will analyze automated security test results and assess software architecture for potential threats. By collaborating closely with development teams, you will support them in designing and implementing security-compliant solutions while ensuring their effectiveness and adherence to the highest standards.

We provide full flexibility—you can work in a hybrid model or fully remotely. You’ll have access to modern technological tools and comprehensive support during your onboarding process. We prioritize development, offering opportunities to gain new skills and participate in exciting projects. Benefits include a welcome package, Motivizer vouchers, private medical care, and a MultiSport card.

You’re a perfect match for the role, if:

• You have at least 3 years of professional experience in the field of commercial application security
• Programming is your strong suit, and you have at least 3 years of experience in this area (preferred technologies: Golang, Python, or PHP)
• You have a minimum of 2 years of experience in creating and reviewing WAF rules (preferably with knowledge of Akamai WAF)
• You are highly skilled in designing and building security mechanisms for applications in modern technology stacks
• You have experience in threat modeling and conducting security-focused project reviews
• You have hands-on experience with Kubernetes security and containerization
• You are well-versed in common application security vulnerabilities, such as those listed in the OWASP Top 10
• Familiarity with standards like the OWASP Testing Guide, OWASP ASVS, and SANS Top 20 comes naturally to you
• You are proficient in modern and widely used web technologies
• You have a strong understanding of cryptography fundamentals and their application in web solutions
• You are knowledgeable about authentication and authorization protocols (OAuth, SAML, OIDC), their flows, and best practices
• Your English proficiency is at least at the B2 level, allowing you to communicate fluently both verbally and in writing
• You are open to challenges and continuous development
• You are communicative and capable of working effectively in a team

Your responsibilities:

• Analyzing source code to identify and eliminate vulnerabilities
• Automating and standardizing application security control mechanisms
• Developing guidelines and standards for application security
• Reviewing the results of automated security tests
• Conducting software architecture project reviews
• Reviewing and approving Web Application Firewall (WAF) rules
• Supporting developers in designing and implementing secure-by-design solutions
• Creating, documenting, and supervising the implementation of security guidelines and standards

Why joining us worth it?

• You can choose hybrid or even fully remote work
• You'll receive the tools necessary for your work, such as a laptop or/ and a phone
• We can provide your home office with ergonomic furniture and electronic devices, such as: footrests, exercise balls, chairs and lumbar supports, monitors, mousepads, laptop docking stations, mice, keyboards, and headphones
• We care about the work-life balance and wellbeing of our team
• We provide opportunities for you to turn your ideas into reality and we appreciate such initiatives
• We support skill and knowledge development via internal and external trainings
• We work according to the values of DEI: Diversity, Equity & Inclusion
• We support grassroots initiatives and charities
• We offer valuable benefits, such as the welcome pack, Motivizer vouchers (220 points/PLN employees can spend on a variety of services and products from known brands available on the platform), private health care, MultiSport card, the opportunity to participate in internal and external trainings and industry conferences, and many more
• You will receive discount codes to use on the G2A.COM sales platform so that you can enjoy the benefits of our offers and services