Secure Development Lifecycle Specialist

Join us, and be at the forefront of digital defense!

Krakow-based opportunity with the possibility to work 100% remotely!

As a Secure Development Lifecycle Specialist, you will be working for our client, a leading global financial institution, within the Cybersecurity organization. Your primary focus will be to analyze and execute activities related to cybersecurity processes, controls, standards, and regulatory requirements.

Your main responsibilities:

• Contributing to the ongoing development and adoption of Automated Dynamic Application Security Testing (DAST) security scanning service
• Driving continual improvement in DAST security scanning product efficacy, coverage, and quality
• Supporting DAST security scanning product vision, strategy, and metrics
• Assisting in the creation of authentication scripts, using JavaScript and tool native scripting, to facilitate authenticated DAST web applications and APIs scanning
• Ensuring adherence to the three lines of defense organizational model with clear lines of responsibility, accountability, and segregation of duties
• Ensuring compliance with internal audit and external regulators to ensure organizational changes meet expectations
• Analyzing and executing activities to ensure compliance with Client’s Cybersecurity policies and standards
• Contributing to the identification and development of processes, procedures, and tools to strengthen the bank’s response to threats and incidents
• Assessing new technology products and projects utilizing security technologies pertinent to the department
• Acting as a role model to more junior members of the team
• Engaging with other Cybersecurity teams, senior management, and members of the Business when confronted with potential security issues
• Expanding skills, knowledge, and experience to enhance the overall capability of the function

You’re ideal for this role if you have:

• 3+ years of development experience in JavaScript
• 2+ years of experience in Dynamic Application Security Testing and related security scanning tools such as Invicti (Netsparker), Contrast, AppScan, etc.
• 2+ years of experience in consultancy and support to application teams including security scanning tool onboarding, vulnerability review and triage, false positive and rating challenges, scanning eligibility, and exceptions, etc.
• Strong understanding of general security concepts and principles and application-specific security concepts and principles
• Strong understanding of the Software Development Life Cycle (SDLC) with a focus on security
• Excellent understanding of platform-specific security risks, common vulnerabilities for web applications and microservices architecture, and their mitigations
• Proven troubleshooting ability
• Development and scripting experience (JavaScript)
• Understanding of common technologies, protocols, and architectures used by web applications and APIs (HTML, XML, JavaScript, JSON, REST, Microservices, etc.)
• Knowledge of the Common Vulnerability Scoring System (CVSS)
• Understanding of emerging technologies and corresponding security threats
• A degree in IT security
• Fluent English

It is a strong plus if you have:

• Professional qualifications such as CEH, CISSP, GIAC, or Cloud Security Certifications

#GETREADY  to meet with us!

We would like to meet you. If you are interested please apply and attach your CV in English or Polish, including a statement that you agree to our processing and storing of your personal data. You can always also apply by sending us an email at recruitment@itds.pl.

Internal number #4968