Offensive Security Expert – Security Engineers Squad @ING HUBS Romania in Bucuresti

Discover ING Hubs RomaniaWe started out in 2015 as ING’s software development hub – a distinct entity from ING Bank Romania – then steadily expanded our range to include more services and competencies.Formerly known as ING Tech, as of 2022 we provide borderless services with bank-wide capabilities under the name of ING Hubs Romania and operate from two locations: Bucharest and Cluj.With the help of 1400 engineers, risk and operations professionals, we offer 150 services in tech, non-financial risk & compliance, audit and retail operations to 24 ING units worldwide.Our tech capabilities remain the core of our business, with more than 1100 colleagues active in Data Management, TouchPoint Channels & Integration and Core Banking.We enjoy a flexible way of working and a highly collaborative environment, where fair and constructive feedback is encouraged. Work ethics, honesty and knowledge sharing are key to our teams and we’re always looking for like-minded people.Here’s a sneak peak of what our colleagues say about working within ING Hubs Romania:At ING, software and soft skills are equally important | 78% of our IT colleagues agree.The MissionKeeping the company safe, secure and compliant is a top priority at ING.The Security Engineers Squad is responsible for ensuring ING Hubs Ro develops and maintains secure products and services. As part of the team, you will collaborate with different internal stakeholders to conduct Security assessments, support secure design and development practices, providing security subject matter expertise and education and instilling the core security mindset and culture.  You will employ a combination of static and dynamic analysis methodologies to identify and remedy complex vulnerabilities across our products and services, as well as collaborating and communicating with security expert peers across to help implementing best practices across the engineering organizationYour day to daySecurity Assessments - Penetration Testing:You will examine chosen targets (mainly Web, API) looking for vulnerabilities and weaknesses, assess applications for design related security risks and assist teams in determining appropriate remediation for identified issues;Provide secure code review by assessing reports generated using automated tools (eg Fortify, Checkmarks, etc);Provide security training & awareness:Lead software security and awareness training sessions ;Evangelize software security principles;Consultancy:Provide subject matter expertise for specific application development scenarios;Provide security advice for tooling (mainly in the area of CI/CD);Participate in audit reviews – provide advice/challenge when/if required;Define & maintain the relevant Software Security processes:Document and improve local software security processes;Bridge the gap between global best practices from inside and outside of the organization with the internal way of working;Tooling – robust knowledge on the following but not limited to:Static Application Security Testing – eg Fortify, Checkmarks, etc;Dynamic Application Security Testing –  eg Burp Suite, Acunetix, Webinspect, etc;PenTesting  - eg Kali, Metasploit, etc.What you’ll bring to the teamKnowledge and experience: Experience with OWASP, static/dynamic analysis, and common security tools;Experience working within a Software Development Life Cycle;Familiarity with common security libraries, security controls, and common security flaws;Experience performing software security reviews and implementing security solutions;Understanding of network and web related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS);Familiarity with cloud security controls and best practices;Understanding of security engineering, system security, authentication and security protocols, cryptography, or application security;Prior experience with DAST and SAST software tools;Software development or scripting skills represent an advantage.Competencies: Excellent written and verbal communication skills – ability to explain technical solutions to both technical and non-technical audiences;Strong sense of ownership, urgency, and drive;Customer-focused and enjoy working as part of a team;Strong problem solving and analytical thinking - ability to diagnose and resolve ambiguous problems;Willingness to continuously improve skills;Willingness to support and coach less experienced members of you team; provide help when needed and criticize in a constructive manner.What’s in it for youAnnual Performance Bonus up to two salaries;Extra vacation days depending on the total length of working experience;Flextime – our own way of working;Monthly budget on Benefit platform;Growth opportunities:Defining a clear career path on short/ mid/ long term and identify the competencies you need to build/ develop to reach the next level: vertically – towards a managerial position or horizontally – towards an expert or architect level, locally or globally;Internal mobility is encouraged;Possibility to access International Short-Term Assignments or Long-Term Assignments;Upskilling/ reskilling programs;Learning & Development opportunities:Annual training & certifications budget;Pluralsight & e-learning platforms;Management talk sessions (6/ year) – hands-on workshops led by specialized consultants on different areas (e.g. leading difficult conversations, sense of belonging;CSR activities: tree planting, coding lessons for teenagers etc.