Join us, and be at the forefront of digital defense!
Krakow-based opportunity with the possibility to work 100% remotely!
As a Secure Development Lifecycle Specialist, you will be working for our client, a leading global financial institution, within the Cybersecurity organization. Your primary focus will be to analyze and execute activities related to cybersecurity processes, controls, standards, and regulatory requirements.
Your main responsibilities:
- Contributing to the ongoing development and adoption of Automated Dynamic Application Security Testing (DAST) security scanning service
- Driving continual improvement in DAST security scanning product efficacy, coverage, and quality
- Supporting DAST security scanning product vision, strategy, and metrics
- Assisting in the creation of authentication scripts, using JavaScript and tool native scripting, to facilitate authenticated DAST web applications and APIs scanning
- Ensuring adherence to the three lines of defense organizational model with clear lines of responsibility, accountability, and segregation of duties
- Ensuring compliance with internal audit and external regulators to ensure organizational changes meet expectations
- Analyzing and executing activities to ensure compliance with Client’s Cybersecurity policies and standards
- Contributing to the identification and development of processes, procedures, and tools to strengthen the bank’s response to threats and incidents
- Assessing new technology products and projects utilizing security technologies pertinent to the department
- Acting as a role model to more junior members of the team
- Engaging with other Cybersecurity teams, senior management, and members of the Business when confronted with potential security issues
- Expanding skills, knowledge, and experience to enhance the overall capability of the function
You’re ideal for this role if you have:
- 3+ years of development experience in JavaScript
- 2+ years of experience in Dynamic Application Security Testing and related security scanning tools such as Invicti (Netsparker), Contrast, AppScan, etc.
- 2+ years of experience in consultancy and support to application teams including security scanning tool onboarding, vulnerability review and triage, false positive and rating challenges, scanning eligibility, and exceptions, etc.
- Strong understanding of general security concepts and principles and application-specific security concepts and principles
- Strong understanding of the Software Development Life Cycle (SDLC) with a focus on security
- Excellent understanding of platform-specific security risks, common vulnerabilities for web applications and microservices architecture, and their mitigations
- Proven troubleshooting ability
- Development and scripting experience (JavaScript)
- Understanding of common technologies, protocols, and architectures used by web applications and APIs (HTML, XML, JavaScript, JSON, REST, Microservices, etc.)
- Knowledge of the Common Vulnerability Scoring System (CVSS)
- Understanding of emerging technologies and corresponding security threats
- A degree in IT security
- Fluent English
It is a strong plus if you have:
- Professional qualifications such as CEH, CISSP, GIAC, or Cloud Security Certifications
#GETREADY to meet with us!
We would like to meet you. If you are interested please apply and attach your CV in English or Polish, including a statement that you agree to our processing and storing of your personal data. You can always also apply by sending us an email at recruitment@itds.pl.
Internal number #4968
Internal number #4968
Adres:
SKYLIGHT BUILDING | ZŁOTA 59 | 00-120 WARSZAWA
BUSINESS LINK GREEN2DAY BUILDING | SZCZYTNICKA 11| 50-382 WROCŁAW
Kontakt:
INFO@ITDS.PL
+48 883 373 832