IT Security Engineer (Software Security)
Employee | Wholesale Banking | Professional | Singapore | Singapore Office | 2019-01-11 | 055059
Your role and work environment
The purpose of CoE IT Security is to ensure that ING will be amongst the safest banks and will be seen as a leader in (IT) security. We assist WB Tech globally in being successful in IT Risk and IT Security. Overall, we ensure that IT Risk and IT Security are part of our DNA.
CoE IT Security is responsible for securing WB Tech environments globally. You help to create a cohesive IT Security strategy and a roadmap for strategy implementation, and you’re responsible for delivering security & risk awareness throughout WB Tech. You’re familiar with the application development process so that you can participate in various discussions and drive the integration of IT Security in the DevOps way of working.
Your key responsibilities
Together with the people in your squad, you are responsible for implementing IT Security capabilities and delivering security & risk awareness throughout WB Tech. Preferably you have a DEV or OPS engineer background so that you can easily participate in various technical (security) discussions and drive the integration of IT Security in the DevOps way of working.
Your main responsibilities in IT Security are:
· Define local software security policy in alignment with global policy
· Set the frameworks, libraries and tooling standards
· Maintain and improve open source software security
· Define software security processes & governance in collaboration with local CISO
· Provide face-to-face software security training to employees to improve development engineers' awareness
· Set up and drive the local security champions programme to ensure a scalable software security initiative
· Provide guidance on existing and emerging threats in the web application domain
· Set up the application security testing framework – SAST and DAST
· Perform software security self-assessments using industry best practice software security maturity models in collaboration with local CISO
· Participate in global security engineering guilds to harmonize software security practices
· Assess applications for design related security risks and assist teams in determining appropriate remediation for issues identified
· Provide deep level subject matter expertise for specific development languages based on potential implementation risks
· Assist in the execution and review of vulnerability scans and penetration test results; propose & agree upon mitigation actions
· Automate and simplify Security & Risk Controls
· Design technical Security Solutions
Your additional responsibilities are:
· IT & Sec Risk Assessment
· Drive Control Implementation
· Key Control Testing
· Data Analysis & Reporting
· Server & Endpoint Security (incl. malware protection, HIPS, hardening)
· Network Security (incl. firewalls, malware protection & IDS, segmentation)
We are looking for:
You are an energetic and proactive IT Security professional with a passion for securing WB Tech environments and a positive, “Do it-Try it-Fix it” mentality. You are a natural team player who forms relationships based on social skills rather than hierarchical structure. Enhancing the security controls, and ultimately making ING safer, is a challenge to you. Close cooperation with and between the DevOps squads is your greatest achievement.
You are an ambassador for IT Security around the Globe. This role requires emphasis on the following:
· You have excellent problem-solving skills and are passionate about IT Security.
· You are inspiring and show energy and passion.
· You are interested in bringing one way of working regarding the implementation of IT Security & IT Risk controls across WB Tech countries.
· You are focused on cross border collaboration: you set aside your own 'ego' in the interests of achieving the best results - you help others to be successful.
· You are able to design technical Security solutions
Education and background
· A personality and the capabilities to optimally function within an Agile environment
· Experience with application security toolset – Fortify, Checkmarx CxSAST, Acunetix, WebInspect
· Your preferred background is as a Dev Engineer in Agile teams, or you have an understanding of the full Software Development Life Cycle as an IT Security engineer
· Professional and intellectual IT skills at bachelor or university level, preferably IT Master
· 2-3 years of relevant working experience as a DevOps engineer or as an IT Security engineer
· SANS GSSP-Java/Net or CSSLP certification or relevant certifications from other vendors is a plus
· Good written and spoken knowledge of English