Offensive Security Expert – Security Engineers Squad @ING HUBS Romania

The Mission

Keeping the company safe, secure and compliant is a top priority at ING.

The Security Engineers Squad is responsible for ensuring ING Hubs Ro develops and maintains secure products and services. As part of the team, you will collaborate with different internal stakeholders to conduct Security assessments, support secure design and development practices, providing security subject matter expertise and education and instilling the core security mindset and culture.

 You will employ a combination of static and dynamic analysis methodologies to identify and remedy complex vulnerabilities across our products and services, as well as collaborating and communicating with security expert peers across to help implementing best practices across the engineering organization

Your day to day

Security Assessments - Penetration Testing:

• You will examine chosen targets (mainly Web, API) looking for vulnerabilities and weaknesses, assess applications for design related security risks and assist teams in determining appropriate remediation for identified issues;
• Provide secure code review by assessing reports generated using automated tools (eg Fortify, Checkmarks, etc);

Provide security training & awareness:

• Lead software security and awareness training sessions ;
• Evangelize software security principles;

Consultancy:

• Provide subject matter expertise for specific application development scenarios;
• Provide security advice for tooling (mainly in the area of CI/CD);
• Participate in audit reviews – provide advice/challenge when/if required;

Define & maintain the relevant Software Security processes:

• Document and improve local software security processes;
• Bridge the gap between global best practices from inside and outside of the organization with the internal way of working;

Tooling – robust knowledge on the following but not limited to:

• Static Application Security Testing – eg Fortify, Checkmarks, etc;
• Dynamic Application Security Testing –  eg Burp Suite, Acunetix, Webinspect, etc;
• PenTesting  - eg Kali, Metasploit, etc.

What you’ll bring to the team

Knowledge and experience:

• Experience with OWASP, static/dynamic analysis, and common security tools;
• Experience working within a Software Development Life Cycle;
• Familiarity with common security libraries, security controls, and common security flaws;
• Experience performing software security reviews and implementing security solutions;
• Understanding of network and web related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS);
• Familiarity with cloud security controls and best practices;
• Understanding of security engineering, system security, authentication and security protocols, cryptography, or application security;
• Prior experience with DAST and SAST software tools;
• Software development or scripting skills represent an advantage.

Competencies:

• Excellent written and verbal communication skills – ability to explain technical solutions to both technical and non-technical audiences;
• Strong sense of ownership, urgency, and drive;
• Customer-focused and enjoy working as part of a team;
• Strong problem solving and analytical thinking - ability to diagnose and resolve ambiguous problems;
• Willingness to continuously improve skills;
• Willingness to support and coach less experienced members of you team; provide help when needed and criticize in a constructive manner.

If you want to deep dive into the processing of personal data conducted by ING Hubs Romania during the recruitment process and your rights related to it, read the privacy notices on our website (make sure to scroll until you reach the Data Protection section/ Candidates tab).