DevSecOps Engineer - DevPractices Team in Bucuresti

If you’re a customer of the largest digital bank in the EU, then you’ve probably interacted with our platform and didn't even know it! We are Mambu - SaaS FinTech Unicorn on a mission to revolutionise financial services globally. Your reward if you will join us? A (code) mark on a product used by millions of people!This is your team“Development Practices” is a newly formed team with the main purpose of helping other development teams achieve their goals by introducing tools and practices to streamline the software engineering process. This implies working alongside 20+ teams / 100+ developers in order to learn how they do things, analyze their impediments and make their life easier by proposing and implementing solutions based on your experience and expertise. The culture of helping others is very close to the heart of this team, as it represents the key in achieving team’s goals and overall success.Touching a wide range of challenges concerning software development as part of day to day work, technical excellence is also important and acts as a compass and guides the team in taking the standard ways of improving software development to a new and upgraded level.Our goal: Ensure that our engineers use best-in-class tools and practices to achieve their goals by proposing tools and defining the development best methodologies across Mambu. Your contributionDesign, plan and contribute to implementation of security practices in our software development processWork with Software Engineers and DevOps to develop automated tools and ensure “security by default”Work with our Security team to keep our security requirements updated at all timesFoster innovation and best security practicesWhat’s in your toolbox:A "First-Time-Right" and "Secure-By-Default" mindsetAbility to build and champion a standardized set of security requirements and design patterns for internal systems and product offeringsInfluence security strategy and roadmap by leveraging the collective strength of the security team and articulating the capabilities needed to effectively manage the cyber-attack riskAbility to develop tools for assisting and supporting developers with security requirementsMaintain contact with vendors, industry peers, and professional associations to keep informed of existing and evolving industry standards, technologies, and cyber threatsIdentify, evaluate, and conduct proof-of-concepts for new technologies, enabling secure development of core architectural componentsExperience designing, creating and supporting security tests in CI/CD pipelines, to include IAST, SAST, DAST, container scanning, API scanning, and secret detectionTeam player with strong interpersonal skillsYou’re more than your job descriptionExpert level knowledge at all layers of the information security stack with hands-on security engineering experience on AWS, GCP, TFE, Azure, Kubernetes, etc.Prior experience working with engineering teams on design and implementation of best-practices for security as codeWorking knowledge of the MITRE ATT&CK, NIST CSF, and CIS Critical Control frameworksAutomation of security process flows and security testsActively participate in company's Software Development Lifecycle (SDLC)Define and implement metrics to provide visibility risks and security controlsYour future at MambuWe are a diverse group of Mambuvians, and we are growing fast across 30 countries and 6 continents (not enough banks on Antarctica!). Our eyes are on the future, and we believe we can achieve our mission together by working agile, harnessing the latest technology and having a positive impact for future generations by improving the environment we are in.Mambuvians own their career growth, but we like to celebrate our successes together. We’ve got your back on your health, body and mind. Whether it’s our flexible hours or locations, or our 4-day work week over a 3 month period. You work 4 days a week, but get paid for 5! As a member of the Romanian team, you will have access to: Private health insuranceWellbeing: sports package, eye glasses budgetMonthly meal tickets Ticket gifts for: Easter and ChristmasTraining & development personal budget As part of the recruitment (or HR onboarding) process, you will be required to obtain authorized criminal background and credit screening results, as well as be queried against a sanctions/anti-money-laundering/counter terrorism financing/politically exposed persons screening service and your employment is conditional upon approval of these results.