IT Security Engineer (Offensive Security)
Employee | Wholesale Banking | Professional | Singapore | Singapore Office | 2019-01-11 | 055055
Your role and work environment
The purpose of CoE IT Security is ensuring ING will be amongst the safest banks and will be seen as a leader in (IT) security. We assist WB Tech Globally in being successful in IT Risk and IT Security. Overall we ensure that IT Risk and IT Security is part of our DNA.
The CoE IT security is responsible for securing WB Tech environments globally. You help to create a cohesive IT Security Strategy, a roadmap for strategy implementation and you’re responsible for delivering security & risk awareness throughout WB Tech. You’re familiar with the application development process in order to identify security flaws as part of penetration testing activities and also to perform security assurance of platforms used by DevOps teams.
Your key responsibilities
Together with the people in your squad, you are responsible for implementing IT Security capabilities and delivering security & risk awareness throughout WB Tech. Preferably you have been a DEV or OPS engineer background in order to easily participate in various technical (security) discussions and drive the integration of IT Security in the DevOps way of working.
Your main responsibilities in IT Security are:
- Penetration testing of internal and external facing applications
- Assessment of network security and technical assurance of platforms security
- Testing as part of software acquisition and equipment management
- Configuration/build review activities
- Use social engineering to identify improvement for security awareness and education
- Research, document and discuss security findings with management and IT teams
- Establish continuous improvement feedback loops in response to discovered findings
- Provide feedback and verification as an organization fixes security issues
Your additional responsibilities are:
- Software development advisory
- Network and software architecture reviews and guidance
- Review and define requirements for information security solution
- Review current corporate policies and help redefine procedures for better security
- Researching to discover 0-days vulnerabilities
- Collaborate with various business partners including, but not limited to the blue teams, lines of business & control owners to make sure the impact of the risk is understood and managed.
We are looking for:
You are an energetic and proactive IT Security professional with a passion for the securing WB Tech environments and a positive, “Do it-Try it-Fix it” mentality. You are a natural team player who forms relationships based on social skills rather than hierarchical structure. Enhancing the security controls and ultimately make ING safer, is a challenge to you. Close cooperation with and between the DevOps squads is your greatest achievement.
You are an ambassador for IT Security around the Globe. This role requires emphasis on the following:
- You have excellent problem-solving skills and are passionate about IT Security.
- You are inspiring and show energy and passion.
- You are interested to bring one way of working regarding the implementation of IT Security & IT Risk controls across WB Tech countries.
- You are focused on cross border collaboration: you set aside your own 'ego' in the interests of achieving the best results - you help others to be successful.
- You are able to design technical Security solutions
Education and background
- Proven experience of delivering penetration tests on either infrastructure or applications in a global environment including scoping, execution, reporting and stakeholder management
- A personality and the capabilities to optimally function within an Agile environment
- Ability to work independently but also as part of a team
- An in-depth knowledge around standard infrastructure stack
- Good understanding of network protocols
- Knowledge of programming languages and/or scripting languages
- Expertise with common web application penetration testing tools
- Understanding of OWASP testing Guide / Open Source Security Testing Methodology Manual
- Professional and intellectual IT skills at bachelor or university level, preferably IT Master
- 4-5 years’ of relevant working experience as a security tester
- OSCP certification or equivalent
- Good written and spoken knowledge of English