Application Security - IT Engineer
Middle (2-5 years), Senior (5-10 years), Executive (>10 years)
Provide ING Tech Romania DevOps engineers with proper Software Security tooling and professional advice to enable secure delivery of applications.
What you bring to the team
- Excellent written and verbal communication skills in English and Romanian
- Collaborative attitude both inside the team and with DevOps teams
- Able to keep the right balance between security and delivery
- Focus on quality and security service, eager to learn
- You are curious and understand the latest developments in your domain and their impact on financial services
- You support continuous improvement by investigating alternatives and technologies and presenting them in the team and peer forums
The environment is dynamic and we are constantly on the lookout for innovative, creative solutions and new ideas. The team is made up of skilled security engineers who like challenges and work together to keep ING safe and secure.
Your day to day
Below you will find the multitude of challenges our team needs to focus on on a continuous basis. While it is preferable to master all of them, we also seek candidates who have key strengths in certain listed areas and are currently working on improving the
Define & maintain the relevant IT Security Policies and Standards at organizational level:
- Define local software security policy and touchpoints
- Set the frameworks, libraries and tooling standards
- Define software security processes & governance
- Bridge the gap between global best practices from inside and outside of the organization with the internal way of working.
Provide training & awareness
- Help define the communication plan in order to improve development engineers' awareness
- Provide face-to-face software security trainings to employees
- Provide guidance on existing and emerging threats in the web application domain.
Security Assessments and Consultancy
- Set up the AST (application security testing) framework, incl. SAST, DAST and Pen Test;
- Provide security advice for tooling (mainly in the area of CI/CD)
- Assess applications for design related security risks and assist teams in determining appropriate remediation for issues identified
- Provide deep level subject matter expertise for specific development languages based on potential implementation risks.
- Assist in the execution of vulnerability scans and penetration tests and in the review of their results, propose & agree upon mitigation actions
- Act on CCERT alerts related to development (vulnerabilities in libraries/frameworks) – identify teams, address the threat etc.
- Act on and report to Cyber Crime Emergency Response Team in case of cybercrime related incidents
- Participate in audit reviews – provide advice/challenge the auditors' recommendations, if that is the case.
- Static Application Security Testing – Fortify, Checkmarx;
- Dynamic Application Security Testing – Acunetix, WebInspect;
- Pen Testing – Burp Suite;
- Which tools from the "security" area have you worked with?