Senior Application Security Engineer

Senior Application Security Engineer Opportunity

ING Private Cloud is launching a new cloud security squad. We are looking for qualified Senior application security engineers with hands-on cloud and security backgrounds. We love taking on new challenges and leveraging new technologies. If you are looking to expand your career and knowledge, developing cloud security expertise while protecting millions of customers, then your place is here with us.

The team

You will become part of the new ING Private Cloud (IPC) security squad, entrusted with thousands of mission-critical systems and protecting over 37,000,000 customers around the globe. The squad will consist of (highly) skilled security professionals who will do research, train, and advise cloud engineers and tenants on full-stack cloud security. From hardening Infrastructure as Code, and enhancing DevSecOps in pipelines, to protection of homebrewed API service meshes. The team will work according to the agile way of working and in a prototyping culture. Researching new technologies, their inherent vulnerabilities, and best mitigation methodologies. The squad will set up security test environments, enhancing automated security validation. We love code - reading it and writing it. The squad will serve as secure code evangelists, sharing knowledge and assisting in defensive programming. From threat modeling to the development of custom in-code security controls.

Role and responsibilities

As an Application security engineer, you will be working in a team of multiple security engineers on several topics, including:

• Adding Automated Security Testing to existing build pipelines in various programming languages and tech stacks;
• Reducing the clutter of security alerts through data analysis and policy fine-tuning;
• Research & Advisory: Windows and Linux OS hardening;
• Research & Advisory: Container hardening;
• Research & Advisory: API security;
• Research & Advisory: Infrastructure as Code security;
• Building security testing environments;
• Security Awareness: Cloud & AppSec trainings on trending topics.

You will help reduce the risk for the organization by helping our DevOps teams deliver secure products. You will help create new strategic plans to be more efficient and work together with several other security departments under Global CISO, such as Secure Defense Centre, Penetration Testing, and Security monitoring squads. The strategic plans will be presented to the senior management.

You will coach your team members and your colleagues, bring them to the next level in their careers, and improve their security knowledge. You also will assist with the continuous improvement of the processes critical to the success of the team and you will align with other stakeholders in other domains including global CISO with your new initiatives.

How to succeed

We hire smart people like you for your potential. Our biggest expectation is that you’ll stay curious. Keep learning. Take on responsibility. In return, we’ll back you to develop into an even more awesome version of yourself.

• B.Sc or M.Sc. in Computer Science or equivalent job experience;
• Experienced in working in complex environments; (6/7 years of relevant experience)
• Strong analytic skills and ability to solve highly complex problems;
• Experience with OWASP coding and testing guidance;
• Experience deploying enterprise security testing solutions;
• Experience setting up build/test/data pipelines in cloud environments;
• Application security static and dynamic testing - pentest experience using ZAP / Burp and SAST tools;
• Proven experience with code security review covering at least Java, C#, Python, or Go;
• Familiarity with Secure Development Lifecycle practices and Agile development with Continuous Delivery / Integration;
• Knowledge of cloud security;
• Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.

Rewards and benefits

We want to make sure that it’s possible for you to strike the right balance between your career and your private life. The benefits of working with us at ING include:

• A salary tailored to your qualities and experience
• 24-27 vacation days depending on contract
• Pension scheme
• 13th month salary
• Individual Savings Contribution (BIS), 3.5% of your gross annual salary
• 8% Holiday payment
• Personal growth and challenging work with endless possibilities
• An informal working environment with innovative colleagues
• Work Agile, so new ideas come to life faster