Offensive Security Expert Security Engineers Squad ING HUBS Romania
Offensive Security Expert Security Engineers Squad ING HUBS Romania
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
ING Hubs Romania offers 130 services in software development data management nonfinancial risk & compliance audit and retail operations to 24 ING units worldwide with the help of over 1700 highperforming engineers risk and operations professionals.
We started out in 2015 as INGs software development hub a distinct entity from ING Bank Romania then steadily expanded our range to include more services and competencies.
Now we provide borderless services with bankwide capabilities and operate from two locations: Bucharest and ClujNapoca.
Our tech capabilities remain the core of our business with more than 1500 colleagues active in Data Management Touchpoint Channels & Integration Core Banking and Global Products.
We enjoy a flexible way of working and a highly collaborative environment where fair and constructive feedback is encouraged.
For us impact isnt a perk. Its the driver of our work.
We are guided and rewarded by a shared desire to make the world a better place one innovative solution at a time. Our colleagues make it their job to do impactful things and they love doing it in good company. Do you
The Mission
Keepingthe company safe secure andcompliantis a top priority at ING.
The Security Engineers Squad is responsible for ensuring ING Hubs Ro develops and maintains secure products and services. As part of the team you will collaborate with different internal stakeholders to conduct Security assessments support secure design and development practices providing security subject matter expertise and education and instilling the core security mindset and culture.
You will employ a combination of static and dynamic analysis methodologies to identify and remedy complex vulnerabilities across our products and services as well as collaborating and communicating with security expert peers across to help implementing best practices across the engineering organization
Your day to day
Security Assessments Penetration Testing:
- You will examine chosen targets (mainly Web API) looking for vulnerabilities and weaknesses assess applications for design related security risks and assist teams in determining appropriate remediation for identified issues;
- Provide secure code review by assessing reports generated using automated tools (eg Fortify Checkmarks etc);
Provide security training & awareness:
- Lead software security and awareness training sessions ;
- Evangelize software security principles;
Consultancy:
- Provide subject matter expertise for specific application development scenarios;
- Provide security advice for tooling (mainly in the area of CI/CD);
- Participate in audit reviews provide advice/challenge when/if required;
Define & maintain the relevant Software Security processes:
- Document and improve local software security processes;
- Bridge the gap between global best practices from inside and outside of the organization with the internal way of working;
Tooling robust knowledge on the following but not limited to:
- Static Application Security Testing eg Fortify Checkmarks etc;
- Dynamic Application Security Testing eg Burp Suite Acunetix Webinspect etc;
- PenTesting eg Kali Metasploit etc.
What youll bring to the team
Knowledge and experience:
- Experience with OWASP static/dynamic analysis and common security tools;
- Experience working within a Software Development Life Cycle;
- Familiarity with common security libraries security controls and common security flaws;
- Experience performing software security reviews and implementing security solutions;
- Understanding of network and web related protocols (such as TCP/IP UDP IPSEC HTTP HTTPS);
- Familiarity with cloud security controls and best practices;
- Understanding of security engineering system security authentication and security protocols cryptography or application security;
- Prior experience with DAST and SAST software tools;
- Software development or scripting skills represent an advantage.
Competencies:
- Excellent written and verbal communication skills ability to explain technical solutionsto both technical and nontechnical audiences;
- Strong sense of ownership urgency and drive;
- Customerfocused and enjoy working as part of a team;
- Strong problem solving and analytical thinking ability to diagnose and resolve ambiguous problems;
- Willingness to continuously improve skills;
- Willingness to support and coach less experienced members of you team; provide help when needed and criticize in a constructive manner.
If you want to deep dive into the processing of personal data conducted by ING Hubs Romania during the recruitment process and your rights related to it read the privacy notices on ourwebsite (make sure to scroll until you reach the Data Protection section/ Candidates tab).
Employment Type
Full-Time
