Job VC
Application Security Engineer
Technologies
Description
PrivatBank
is the largest bank in Ukraine and one of the most innovative banks around the world. It holds a leading position for all the financial indicators in the area and comprises about a quarter of the whole banking system of our country.
We are looking for an
Application Security Engineer.
We are searching for the person who seeks to work in a dynamic environment and shares the values of initiative, openness and mutual trust.
We are striving to find a goal-oriented and multitask professional who would be focused on making good results and high quality.
Requirements:
At least 3 years of experience in application security or related fields such as penetration testing and security architecture
Proficiency in using security scanners such as SAST, DAST, SCA, Secret Detection, and Container scanning
Experience integrating security scanners in CI/CD pipelines using Jenkins for GitLab
Certifications such as CEH, OSCP, CSSLP, AWS Certified Security Specialty, etc. is preferred
Background in software development, including roles such as Developer, Business Analyst, Architect, DevOps, etc
Knowledge of Secure Software Development Life Cycle (S-SDLC) and frameworks like OWASP SAMM, BSIM, and Microsoft SDL
Familiarity with the software development process and stages
Basic understanding of software code
Knowledge of key infrastructure components like databases, queues, application servers, load balancers, NoSQL, etc
Understanding of major types of vulnerabilities
Understanding of software architecture
Knowledge of network protocols such as DNS, HTTP/S, SMTP, SSH, and FTP
Ability to independently research information and solve complex problems
Critical thinking skills
Responsibilities:
Conduct security audits using the OWASP SAMM framework to assess current practices, identify gaps, and evaluate compliance levels within the organization
Develop and implement strategic plans aimed at enhancing security maturity levels throughout the organization, with gradual improvements
Application security governance and metrics
Collaborate with various team members, including developers and top management, to advocate and implement application security best practices
Improve our application security management platform
Manage security architecture, focusing on integrating security at every stage of the software development lifecycle
Integrate and oversee security automation tools to enhance security processes and reduce manual error
Oversee security testing across various stages of software development to identify and mitigate potential security vulnerabilities
Engage in threat modeling activities to predict and neutralize potential security threats before they impact the system
Ensure compliance with relevant industry standards and regulations by regularly updating security policies and standards
Track and manage software defects to ensure timely resolution of security-related issues
Develop and conduct training and awareness programs to enhance security knowledge and practices across the organization
Spearhead the secure integration of CI/CD practices into software development processes to ensure continuous security
Use cloud services for application security
We offer:
Work in the largest and most innovative bank of Ukraine
Official employment and 24+4 calendar days of vacation
Sick leave compensation
Medical Insurance
Competitive salary
Bonuses, premium according to company policy
Corporate training
Modern comfortable office
Interesting projects, ambitious tasks and dynamic growth
Corporate financial assistance in critical situations
A friendly professional and strong team
Possibility of remote work format
PrivatBank is open to support and employ veterans and people with disabilities.
We believe that discrimination due to health conditions, physical abilities, age, race and ethnicity, gender or marital status is unacceptable.
We are ready to train veterans and candidates with disabilities without banking experience.
is the largest bank in Ukraine and one of the most innovative banks around the world. It holds a leading position for all the financial indicators in the area and comprises about a quarter of the whole banking system of our country.
We are looking for an
Application Security Engineer.
We are searching for the person who seeks to work in a dynamic environment and shares the values of initiative, openness and mutual trust.
We are striving to find a goal-oriented and multitask professional who would be focused on making good results and high quality.
Requirements:
At least 3 years of experience in application security or related fields such as penetration testing and security architecture
Proficiency in using security scanners such as SAST, DAST, SCA, Secret Detection, and Container scanning
Experience integrating security scanners in CI/CD pipelines using Jenkins for GitLab
Certifications such as CEH, OSCP, CSSLP, AWS Certified Security Specialty, etc. is preferred
Background in software development, including roles such as Developer, Business Analyst, Architect, DevOps, etc
Knowledge of Secure Software Development Life Cycle (S-SDLC) and frameworks like OWASP SAMM, BSIM, and Microsoft SDL
Familiarity with the software development process and stages
Basic understanding of software code
Knowledge of key infrastructure components like databases, queues, application servers, load balancers, NoSQL, etc
Understanding of major types of vulnerabilities
Understanding of software architecture
Knowledge of network protocols such as DNS, HTTP/S, SMTP, SSH, and FTP
Ability to independently research information and solve complex problems
Critical thinking skills
Responsibilities:
Conduct security audits using the OWASP SAMM framework to assess current practices, identify gaps, and evaluate compliance levels within the organization
Develop and implement strategic plans aimed at enhancing security maturity levels throughout the organization, with gradual improvements
Application security governance and metrics
Collaborate with various team members, including developers and top management, to advocate and implement application security best practices
Improve our application security management platform
Manage security architecture, focusing on integrating security at every stage of the software development lifecycle
Integrate and oversee security automation tools to enhance security processes and reduce manual error
Oversee security testing across various stages of software development to identify and mitigate potential security vulnerabilities
Engage in threat modeling activities to predict and neutralize potential security threats before they impact the system
Ensure compliance with relevant industry standards and regulations by regularly updating security policies and standards
Track and manage software defects to ensure timely resolution of security-related issues
Develop and conduct training and awareness programs to enhance security knowledge and practices across the organization
Spearhead the secure integration of CI/CD practices into software development processes to ensure continuous security
Use cloud services for application security
We offer:
Work in the largest and most innovative bank of Ukraine
Official employment and 24+4 calendar days of vacation
Sick leave compensation
Medical Insurance
Competitive salary
Bonuses, premium according to company policy
Corporate training
Modern comfortable office
Interesting projects, ambitious tasks and dynamic growth
Corporate financial assistance in critical situations
A friendly professional and strong team
Possibility of remote work format
PrivatBank is open to support and employ veterans and people with disabilities.
We believe that discrimination due to health conditions, physical abilities, age, race and ethnicity, gender or marital status is unacceptable.
We are ready to train veterans and candidates with disabilities without banking experience.