Application Security Engineer

Application Security Engineer
Mambu, Netherlands

Experience
1 Year
Salary
0 - 0
Job Type
Temporary/Contract Job
Job Shift
Morning Job
Job Category
Bank
Traveling
No
Career Level
Non-Managerial
Telecommute
No
Qualification
As mentioned in job details
Total Vacancies
1 Job
Posted on
Feb 19, 2021
Last Date
Mar 19, 2021
Location(s)
Amsterdam, Netherlands

Job Description

Mambu is the leading SaaS core banking engine. If you’re a customer of the largest digital bank in the EU, then you’ve probably interacted with our platform and didn't even know it. We are at the heart of what makes digital banks and lenders work - the system that processes banking transactions and updates accounts and other financial records from deposits to loans and credit balances. But we are different. We are not just cloud-native, lean and flexible - we are helping to revolutionise financial services globally. We are in a growth phase and we’ve only just begun.

To help us on our mission, we bring together people with the best skills and attitude. It doesn’t matter where you are from, what matters is the impact you have and your passion to make a difference.

To continue our success story we are looking for an Application Security Engineer to implement, enhance and manage security technologies, practices and training that support the mission to protect Mambu’s infrastructure and the information managed by the services. As an Application Security Engineer, you will collaborate with the Engineering team and with other infrastructure teams to detect, analyze, understand, mitigate and permanently fix vulnerabilities. 

You will provide sufficient tools, practices and guidance so that engineers can autonomously improve security of Mambu environments and ensure security of the services.

You will

  • Assure trusted Mambu deliverables through internal activities
- Collaborate to secure software design and implementation practices definition
- Define threat models, perform risk analysis and mitigation workshops with stakeholders of new capabilities or product changes that may impact security (pre-implementation)
- Support teams that develop new capabilities in assessing their security maturity (security readiness check) through workshops
- Implement tooling to detect security vulnerabilities (during implementation) and integrate them seamlessly in the SDLC together with the Release team & enhance and manage them continuously
- Implement, enhance and manage remediation processes for various scanning types (OSA, SAST, IAST, production identified vulnerability issues - during & post implementation)
- Clarify and prioritize the security scope captured in contractual agreements or regulatory obligations to rapidly be market relevant and trusted, not perfect.
- Document application security controls and explain them in internal and external security audits
- Review changes inside the product organization (e.g. structure, processes) with an impact to software security

  • Assure trusted Mambu deliverables through engagement with external experts
- Advice on external penetration test to ensure pentesters have a running system, know what to focus their test on and support them during the test
- Understand and triage reported vulnerabilities from different sources to respective teams
- Advice on vulnerability rating for reported vulnerabilities from different sources to respective teams 
- Support teams by consulting on ways to fix vulnerabilities incl. their root cause

  • Engineers trained on security matters
- Design and deliver training for security engineering awareness & adoption
- Design, maintain and deliver security practices to assure engineers can assess and fix vulnerabilities independently, understand attack vectors and possible vulnerabilities, can detect, mitigate, permanently correct and prevent security issues on all stages of the SLDC.
- Design and deliver training for security tooling 
- Evangelize security practices
- Coordinate table-top exercises for security incidents
- Pair analysis for vulnerability confirmation & mitigation paths
- Pair programming for security aspects of new features, vulnerability mitigation or permanent fix
- Enable teams’ autonomy on security assurance in alignment with product security team’s agreements & practices
- Implement, enhance, manage metrics and dashboards demonstrating security posture and event activity.

You need to have:

  • Knowledge of information security principles (ie. Confidentiality, Integrity, Availability) and their application in SaaS solutions (ie. cloud computing, web applications, networking).
  • Solid hands on background in software engineering
  • Knowledge of secure coding practices.
  • Experience in conducting

Job Specification

Job Rewards and Benefits

More Jobs like this Job

Jobs in Amsterdam Netherlands
Jobs in this company

Mambu

Information Technology and Services - Amsterdam, Netherlands
© Copyright 2004-2024 Mustakbil.com All Right Reserved.