Software Security Engineer - IT Security Team @ING Tech in Bucuresti

Discover ING TECHING Tech Romania is ING’s global hub for technology established in 2015. Focused on building strategic key capabilities, the hub provides approximately 121 services for 24 ING units globally. These services are grouped in the following main categories: software development; data management; non-financial risk & compliance and audit. Now, in 2021, our fast-growing organization gathers more than 1000 high-performing engineers and non-financial risk & compliance specialists that work together in global tribes.The MissionKeeping the company safe, secure and compliant is a top priority at ING.The Software Security team is responsible for ensuring ING Tech Ro develops and maintains secure products and services. As part of the Software Security team, you will collaborate with different teams to support secure design and development practices, providing security subject matter expertise and education and instilling the core security mindset and culture. You will also employ a combination of static and dynamic analysis methodologies to identify and remedy complex vulnerabilities across our products and services, as well as collaborating and communicating with security expert peers across to help implementing best practices across the engineering organizationFollowing Software Security methodology, you will be responsible for:Main responsibilities: Define & maintain the relevant Software Security processes and standards: Define local software security policy and touchpoints Set the frameworks, libraries and tooling standards Define software security processes & governance Bridge the gap between global best practices from inside and outside of the organization with the internal way of working. Provide security training & awareness Help defining the communication plan in order to improve development engineers awareness Lead software security and awareness training sessions Provide guidance on existing and emerging threats in the web application domain. Evangelize software security requirements and guidance Security Assessments and Consultancy Setup the AST (application security testing) framework incl. SAST, DAST and Pen Test; Provide security advice for tooling (mainly in the area of CI/CD) Assess applications for design related security risks and assist teams in determining appropriate remediation for issues identified Provide deep level subject matter expertise for specific development languages based on potential implementation risks. Assist in the execution of and review vulnerability scans and penetration test results, propose & agree upon mitigation actions Act on CCERT alerts related to development (e.g. vulnerabilities in libraries/frameworks) – identify teams, address the threat etc. Act on and report to Cyber Crime Emergency Response Team in case of cybercrime related incidents Participate in audit reviews – provide advice/challenge the auditors recommendations, if the case. Tooling – robust knowledge on the following but not limited to: Static Application Security Testing – Fortify, Checkmarks, etc Dynamic Application Security Testing – Acunetix, Webinspect, etc Pen Testing – Burp Suite, etc Job Requirements:Knowledge and experience: Familiarity with common security libraries, security controls, and common security flaws.Experience performing software security reviews and implementing security solutions at the business division levelExperience with OWASP, static/dynamic analysis, and common security tools.Understanding of network and web related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, protocols).Familiarity with cloud security controls and best practices.Understanding of security engineering, system security, authentication and security protocols, cryptography, or application security.Prior experience with DAST and SAST software tools.Basic development or scripting experience and skills. Competencies: Excellent written and verbal communication skills – ability to explain technical solutions to both technical and non-technical audiences;Strong sense of ownership, urgency, and driveCustomer-focused and enjoy working as part of a teamStrong capabilities to build internal confidence in a situation of constant changeStrong problem solving and analytical thinking - ability to diagnose and resolve ambiguous problems;Strong resilience to stress and constructive and collaborative mindset;Willingness to continuously improve skills;Willingness to support and coach less experienced members of you team; provide help when needed and criticize in a constructive manner;Support for creating a friendly work environment based on respect, trust and partnership values.