Acest anunț a expirat și nu este disponibil pentru aplicare
ING
Application Security - IT Security Engineer
Fișa jobului
Discover ING Tech
ING Tech is an international hub for technology & innovation, developing IT solutions across ING in areas such as Core Banking, Big Data, Financial Markets, Data Management, Touch Point Architecture and many more. By using the latest methodologies in software development, our fast growing team gathers more than 500 tech enthusiasts who work for international projects that go beyond traditional banking.
Mission
Provide ING Tech Romania DevOps engineers with proper Software Security tooling and professional advice to enable secure delivery of applications.
What You Bring To The Team
Excellent written and verbal communication skills in English and Romanian
Collaborative attitude both inside the team and with DevOps team
Able to keep right balance between security and delivery
Focus on quality and security service, eager to learn
You are curious and understand the latest developments in your domain and impact to financial services
You support continuous improvement by investigating alternatives and technologies and presenting them in the team and peer forums
The environment is dynamic and we are constantly on the lookout for innovative creative solutions and new ideas. The team is made of skilled security engineers who like challenges and work together to keep ING safe and secure.
Your day to dayBelow you will find the multitude of challenges our team needs to focus on a continuous basis. While is preferable to master all of them, we also seek for candidates who have key strengths in certain listed areas and are currently working on improving the rest.
Define & maintain the relevant IT Security Policies and Standards at organizational level:
oDefine local software security policy and touchpoints
oSet the frameworks, libraries and tooling standards
oDefine software security processes & governance
oBridge the gap between global best practices from inside and outside of the organization with the internal way of working.
Provide training & awareness
oHelp defining the communication plan in order to improve development engineers awareness
oProvide face to face software security trainings to employees
oProvide guidance on existing and emerging threats in the web application domain.
Security Assessments and Consultancy
oSetup the AST (application security testing) framework incl. SAST, DAST and Pen Test;
oProvide security advice for tooling (mainly in the area of CI/CD)
oAssess applications for design related security risks and assist teams in determining appropriate remediation for issues identified
oProvide deep level subject matter expertise for specific development languages based on potential implementation risks.
oAssist in the execution of and review vulnerability scans and penetration test results, propose & agree upon mitigation actions
oAct on CCERT alerts related to development (e.g. vulnerabilities in libraries/frameworks) – identify teams, address the threat etc.
oAct on and report to Cyber Crime Emergency Response Team in case of cybercrime related incidents
oParticipate in audit reviews – provide advice/challenge the auditors recommendations, if the case.
Tooling
oStatic Application Security Testing – Fortify, Checkmarks;
oDynamic Application Security Testing – Acunetix, Webinspect;
oPen Testing – Burp Suite;
This role is based in Bucharest, Romania. For more information about our relocation package, please contact Adrian BOBOCEA, IT Recruiter at click apply
ING Tech is an international hub for technology & innovation, developing IT solutions across ING in areas such as Core Banking, Big Data, Financial Markets, Data Management, Touch Point Architecture and many more. By using the latest methodologies in software development, our fast growing team gathers more than 500 tech enthusiasts who work for international projects that go beyond traditional banking.
Mission
Provide ING Tech Romania DevOps engineers with proper Software Security tooling and professional advice to enable secure delivery of applications.
What You Bring To The Team
Excellent written and verbal communication skills in English and Romanian
Collaborative attitude both inside the team and with DevOps team
Able to keep right balance between security and delivery
Focus on quality and security service, eager to learn
You are curious and understand the latest developments in your domain and impact to financial services
You support continuous improvement by investigating alternatives and technologies and presenting them in the team and peer forums
The environment is dynamic and we are constantly on the lookout for innovative creative solutions and new ideas. The team is made of skilled security engineers who like challenges and work together to keep ING safe and secure.
Your day to dayBelow you will find the multitude of challenges our team needs to focus on a continuous basis. While is preferable to master all of them, we also seek for candidates who have key strengths in certain listed areas and are currently working on improving the rest.
Define & maintain the relevant IT Security Policies and Standards at organizational level:
oDefine local software security policy and touchpoints
oSet the frameworks, libraries and tooling standards
oDefine software security processes & governance
oBridge the gap between global best practices from inside and outside of the organization with the internal way of working.
Provide training & awareness
oHelp defining the communication plan in order to improve development engineers awareness
oProvide face to face software security trainings to employees
oProvide guidance on existing and emerging threats in the web application domain.
Security Assessments and Consultancy
oSetup the AST (application security testing) framework incl. SAST, DAST and Pen Test;
oProvide security advice for tooling (mainly in the area of CI/CD)
oAssess applications for design related security risks and assist teams in determining appropriate remediation for issues identified
oProvide deep level subject matter expertise for specific development languages based on potential implementation risks.
oAssist in the execution of and review vulnerability scans and penetration test results, propose & agree upon mitigation actions
oAct on CCERT alerts related to development (e.g. vulnerabilities in libraries/frameworks) – identify teams, address the threat etc.
oAct on and report to Cyber Crime Emergency Response Team in case of cybercrime related incidents
oParticipate in audit reviews – provide advice/challenge the auditors recommendations, if the case.
Tooling
oStatic Application Security Testing – Fortify, Checkmarks;
oDynamic Application Security Testing – Acunetix, Webinspect;
oPen Testing – Burp Suite;
This role is based in Bucharest, Romania. For more information about our relocation package, please contact Adrian BOBOCEA, IT Recruiter at click apply
Nivel de vechime
Începător
Tip de angajare
Full-time
Ocupație
Tehnologia informației
Sectoare de activitate
Tehnologia informației și servicii informatice