Offensive Security Expert ING HUBS Romania

ING Hubs Romania offers 130 services in software development data management non-financial risk & compliance audit and retail operations to 24 ING units worldwide with the help of over 2000 high-performing engineers risk and operations professionals.

We started out in 2015 as INGs software development hub then steadily expanded our range to include more services and competencies. Now we provide borderless services with bank-wide capabilities and operate from two locations: Bucharest and Cluj-Napoca.

Our tech capabilities remain the core of our business with more than 1800 colleagues active in Data and Analytics Tech Tech Foundation and Channels Retail Core Banking and Architecture and Global Products and Technology Services.

We enjoy a flexible way of working and a highly collaborative environment where fair and constructive feedback is encouraged.

For us impact isnt a perk. Its the driver of our work. We are guided and rewarded by a shared desire to make the world a better place one innovative solution at a time. Our colleagues make it their job to do impactful things and they love doing it in good company. Do you

The Mission

Keepingthe company safe secure andcompliantis a top priority at ING.

The Security Engineers Squad is responsible for ensuring ING Hubs Ro develops and maintains secure products and services. As part of the team you will collaborate with different internal stakeholders to conduct Security assessments support secure design and development practices providing security subject matter expertise and education and instilling the core security mindset and culture. You will employ a combination of static and dynamic analysis methodologies to identify and remedy complex vulnerabilities across our products and services as well as collaborating and communicating with security expert peers across to help implementing best practices across the engineering organization.

Your day to day

• Security Assessments - Penetration Testing:

  • You will examine chosen targets (mainly Web API) looking for vulnerabilities and weaknesses assess applications for design related security risks and assist teams in determining appropriate remediation for identified issues;

  • Provide secure code review by assessing reports generated using automated tools (eg Fortify Checkmarks etc);

• Provide security training & awareness:

  • Lead software security and awareness training sessions ;

  • Evangelize software security principles;

• Consultancy:

  • Provide subject matter expertise for specific application development scenarios;

  • Provide security advice for tooling (mainly in the area of CI/CD);

  • Participate in audit reviews provide advice/challenge when/if required;

• Define & maintain the relevant Software Security processes:

  • Document and improve local software security processes;

  • Bridge the gap between global best practices from inside and outside of the organization with the internal way of working;

• Tooling robust knowledge on the following but not limited to:

  • Static Application Security Testing eg Fortify Checkmarks etc;

  • Dynamic Application Security Testing eg Burp Suite Acunetix Webinspect etc;

  • PenTesting - eg Kali Metasploit etc.

What youll bring to the team

• Experience with OWASP static/dynamic analysis and common security tools;

• Experience working within a Software Development Life Cycle;

• Familiarity with common security libraries security controls and common security flaws;

• Experience performing software security reviews and implementing security solutions;

• Understanding of network and web related protocols (such as TCP/IP UDP IPSEC HTTP HTTPS);

• Familiarity with cloud security controls and best practices;

• Understanding of security engineering system security authentication and security protocols cryptography or application security;

• Prior experience with DAST and SAST software tools;

• Software development or scripting skills represent an advantage;

• Fluent in English.

If you want to deep dive into the processing of personal data conducted by ING Hubs Romania during the recruitment process and your rights related to it read the privacy notices on ourwebsite (make sure to scroll until you reach the Data Protection section/ Candidates tab).