Software Security Engineer
ING
Bucuresti, Romania
11 hours ago

Discover ING Tech

ING Tech is an international hub for technology & innovation, developing IT solutions across ING in areas such as Core Banking, Big Data, Financial Markets, Data Management, Touch Point Architecture and many more.

By using the latest methodologies in software development, our fast growing team gathers more than 650 tech enthusiasts who work for international projects that go beyond traditional banking.

Mission

Provide ING Tech Romania DevOps engineers with proper Software Security tooling and professional advice to enable secure delivery of applications.

What you bring to the team

  • Excellent written and verbal communication skills in English and Romanian
  • Collaborative attitude both inside the team and with DevOps teams

  • Experience with tools like: Burp Suite, Fortify, Acunetix, WebInspect
  • Able to keep the right balance between security and delivery
  • Focus on quality and security service, eager to learn
  • You are curious and understand the latest developments in your domain and their impact on financial services
  • You support continuous improvement by investigating alternatives and technologies and presenting them in the team and peer forums
  • The environment is dynamic and we are constantly on the lookout for innovative creative solutions and new ideas. The team is made of skilled security engineers who like challenges and work together to keep ING safe and secure.

Your day to day

Below you will find the multitude of challenges our team needs to focus on continuously. While it is preferable to master all of them, we also seek candidates who have key strengths in certain listed areas and are currently working on improving the rest.

Define & maintain the relevant IT Security Policies and Standards at organizational level:

  • Define local software security policy and touchpoints
  • Set the frameworks, libraries and tooling standards
  • Define software security processes & governance
  • Bridge the gap between global best practices from inside and outside of the organization with the internal way of working.

Provide training & awareness

  • Help define the communication plan in order to improve development engineers' awareness
  • Provide face to face software security trainings to employees
  • Provide guidance on existing and emerging threats in the web application domain.

Security Assessments and Consultancy

  • Set up the AST (application security testing) framework incl. SAST, DAST and Pen Test;
  • Provide security advice for tooling (mainly in the area of CI / CD)
  • Assess applications for design related security risks and assist teams in determining appropriate remediation for issues identified
  • Provide deep level subject matter expertise for specific development languages based on potential implementation risks.
  • Assist in the execution of and review vulnerability scans and penetration test results, propose & agree upon mitigation actions
  • Act on CCERT alerts related to development (e.g. vulnerabilities in libraries / frameworks): identify teams, address the threat etc.
  • Act on and report to Cyber Crime Emergency Response Team in case of cybercrime related incidents
  • Participate in audit reviews, provide advice / challenge the auditors' recommendations, if that is the case.

Tooling:

  • Static Application Security Testing: Fortify, Checkmarx;
  • Dynamic Application Security Testing: Acunetix, WebInspect;
  • Pen Testing: Burp Suite.