Discover ING Tech
ING Tech is an international hub for technology & innovation, developing ITsolutions across ING in areas such as Core Banking, Big Data, FinancialMarkets, Data Management, Touch Point Architecture and many more.
By using thelatest methodologies in software development, our fast growing team gathers morethan 650 tech enthusiasts who work for international projects that go beyondtraditional banking.
Provide INGTech Romania DevOps engineers with proper Software Security tooling andprofessional advice to enable secure deliveryof applications.
What you bring to the team
Collaborative attitude both inside the team and with DevOps teams
The environment is dynamic and we areconstantly on the lookout for innovative creative solutions and new ideas. Theteam is made of skilled security engineers who like challenges and worktogether to keep ING safe and secure.
Your day to day Below you will find themultitude of challenges our team needs to focus on a continuous basis. While ispreferable to master all of them, we also seek for candidates who have keystrengths in certain listed areas and are currently working on improving therest.
Define & maintain the relevant ITSecurity Policies and Standards at organizational level :
Define local software security policy and touchpoints
Set the frameworks, libraries and tooling standards
Define software security processes & governance
Bridge the gap between global best practices from insideand outside of the organization with the internal way of working.
Provide training & awareness
Help defining the communication plan in order to improvedevelopment engineers awareness
Provide face to face software security trainings toemployees
Provide guidance on existing and emerging threats in theweb application domain.
Security Assessments and Consultancy
Provide security advice for tooling (mainly in the areaof CI / CD)
Assess applications for design related security risks andassist teams in determining appropriate remediation for issues identified
Provide deep level subject matter expertise for specificdevelopment languages based on potential implementation risks.
Assist in the execution of and review vulnerability scansand penetration test results, propose & agree upon mitigation actions
Act on CCERT alerts related to development (e.g. vulnerabilitiesin libraries / frameworks) identify teams, address the threat etc.
Act on and report to Cyber Crime Emergency Response Teamin case of cybercrime related incidents
Participate in audit reviews provide advice / challengethe auditors recommendations, if the case.