Application Security Engineer in PrivatBank

PrivatBank is the largest bank in Ukraine and one of the most innovative banks in the world. Takes leading positions in all financial indicators in the industry and accounts for about a quarter of the country's entire banking system.

We are looking for an Application Security Engineer who is eager to work in a dynamic environment and shares the values of mutual trust, openness and initiative.

We are looking for a focused professional who can work in a quality and result-oriented manner.

Main responsibilities:

• Conduct security audits using the OWASP SAMM framework to assess current practices, identify gaps, and assess levels of compliance across the organization
• Develop and implement strategic plans to increase security maturity across the organization with incremental improvements
• Manage application security
• Collaborate with various team members including developers and senior management to promote and implement application security best practices
• Enhance the application security management platform
• Manage the security architecture, focusing on security integration at each stage of the software development life cycle
• Integrate and control security automation tools to improve security processes and reduce errors
• Control security testing at various stages of software development to identify and mitigating potential security vulnerabilities
• Participating in threat modeling activities to predict and neutralize potential security threats before they affect the system
• Ensuring compliance with industry standards and regulations by regularly updating security policies and standards
• Tracking and managing software defects to ensure timely problem resolution, security-related
• Develop and deliver a training and awareness program to improve security knowledge and practices within the organization
• Lead the secure integration of CI/CD practices into software development processes to achieve continuous security
• Using cloud services for application security

Essential Requirements:

• 3+ years of experience in application security or related fields such as penetration testing and security architecture
• Experience using vulnerability scanners such as SAST, DAST, SCA, Secret Detection and Container scanning
• Experience integrating scanners vulnerabilities in CI/CD pipelines using Jenkins for GitLab
• Experience in software development including developer, business analyst, architect, DevOps, etc.
• Certifications CEH, OSCP, CSSLP, AWS Certified Security Specialty, etc. (buildis an advantage)
• Knowledge of the Secure Software Development Life Cycle (S-SDLC) and frameworks such as OWASP SAMM, BSIM and Microsoft SDL
• Knowledge of the software development process and stages
• Knowledge of key infrastructure components such as databases, queues, application servers, load balancers, NoSQL, etc.
• Knowledge of network protocols such as such as DNS, HTTP/S, SMTP, SSH, and FTP
• Basic understanding of software code
• Understanding the main types of vulnerabilities
• Understanding software architecture
• Ability to independently research information and solve complex problems
• Critical thinking skills

We offer our employees:

• Work in the largest and most innovative bank of Ukraine
• Official employment and 24+4 calendar days of vacation
• Competitive salary
• Medical insurance and corporate mobile contact
• Corporate training
• Modern comfortable office
• Interesting projects, ambitious tasks and dynamic development
• Friendly professional team and strong team

PrivatBank is open to support and employment of veterans and veterans, as well as people with disabilities.

We do not accept discrimination based on health and physical abilities, age, race or ethnicity, gender and marital status.

We are willing to train veterans and candidates with disabilities without banking experience.

If you have the status of a person with a disability or a veteran, contact [email protected]. PrivatBank specialists will provide consultation and support during the selection process and after employment.