IT Security Engineer

Your role and work environment

You will be part of Tribe Lending Control squad, an Expert Group composed of different roles within the Tribe Lending. As a member of the squad, you are expected to contribute to ensure Tribe Lending complies to its security and risks requirements. You will coordinate with different squads and groups and drive discussions related to IT security and IT risks. You’re familiar with the application development process in order to be able to participate in various discussions and drive the integration of IT Security in the DevOps way of working.

Your key responsibilities

Together with the people in your squad, you are responsible for implementing IT Security capabilities and delivering security & risk awareness throughout WB Tech. Preferably you have been a DEV or OPS engineer background in order to easily participate in various technical (security) discussions and drive the integration of IT Security in the DevOps way of working.

You are responsible in ensuring that Tribe Lending risk score falls within its risk appetite. You need to work together with DevOps engineers, product owners, asset owners, IT security and IT Risk management to be effective in the role. You need to have a great background in IT Security governance to ensure that vulnerabilities, patch management, technical compliance, risks controls are aligned with the policy and standards of ING.

Your main responsibilities in IT Security are:

• Define local software security policy in alignment with global policy
• Provide face to face software security trainings to employees to improve development Engineers awareness
• Provide guidance on existing and emerging threats in the web application domain
• Setup the application security testing framework – SAST and DAST
• Perform software security self-assessments using industry best practice software security maturity models.
• Participate in global security engineering guilds to harmonize software security practices
• Assess applications for design related security risks and assist teams in determining appropriate remediation for issues identified
• Provide deep level subject matter expertise for specific development languages based on potential implementation risks
• Assist in the execution of and review vulnerability scans and penetration test results, propose & agree upon mitigation actions
• Designing technical Security Solutions

• Act as a Security ambassador of Tribe Lending
• Manage vulnerabilities and technical compliance deviations within the Tribe Lending
• Guide and coordinate with different squads of Tribe Lending related to IT security and risks requirements (e.g., vulnerability patching, server technical compliance, penetration testing remediations, SOX requirements, BIA, Risk assessments) 
• Generate, analyze, and evaluate reports related to vulnerabilities, technical compliance deviations, security incidents, security analytics, high privilege accounts usage, ITIL problem and incident management, and threat advisory 
• Guide and coordinate with different squads of Tribe lending in gathering evidence for IT Security and risks controls (e.g., vulnerability patch report, technical compliance report, Asset owner/IT Custodian approvals)
• Participate and contribute to IT Security Guilds (e.g., Vulnerability Management, Technical Compliance Management, Security Monitoring)
• Coordinate with different groups within ING i.e., DevOps squads, Asset owners, Product owners, IT Security, IT Risk Management

Your additional responsibilities are:

• IT & Sec Risk Assessment
• Drive Control Implementation
• Key Control Testing
• Data Analysis & Reporting
• Network Security (incl. firewalls, malware protection & IDS, segmentation)

•    Conduct security awareness on squads on the importance of patching vulnerabilities and complying with technical compliance
•    Help IT Security on vulnerabilities and/or deviations that can and cannot be waive
•    Help squads in preparing and understanding the evidence required for a risks control
•    Improve the process of gathering evidence and squad coordination

We are looking for:

You are an energetic and proactive IT Security professional with a passion for the securing WB Tech environments and a positive, “Do it-Try it-Fix it” mentality. Enhancing the security controls and ultimately make ING safer, is a challenge to you. Close cooperation with and between the DevOps squads is your greatest achievement.

You are an ambassador for IT Security around the Globe. This role requires emphasis on the following:

• You have excellent problem-solving skills and are passionate about IT Security.
• You are inspiring and show energy and passion.
• You are interested to bring one way of working regarding the implementation of IT Security & IT Risk controls across WB      Tech countries.
• You are focused on cross border collaboration: you set aside your own 'ego' in the interests of achieving the best results -     you help others to be successful.
• You are able to design technical Security solutions

Education and background:

• Experience with application security toolset – Fortify, Checkmarx, Webinspect, Nessus
• You have understanding of the full Software Development Life Cycle as IT Security engineer
• Professional, intellectual IT and analytical skills at bachelor or university level
• 5 years’ of relevant working experience as IT Security engineer
• SANS GSSP-Java/Net or CSSLP, CISSP certification or relevant certifications from other vendors is a plus
• Good level of knowledge on the local regulatory guidelines and notices related to Information Security, Cyber-Risk, SDLC    etc.
•    Candidate must possess at least a Bachelor's/College Degree , Computer Science/Information Technology or equivalent.
•    At least 1 year(s) of working experience in the related field is required for this position.
•    Preferably 1-4 Yrs Experienced Employees specializing in IT/Computer - Software or equivalent.
•    Full-Time position(s) available.
•    Experience in people management
•    Experience in organizing, facilitating, and coordinating security and risks requirements with different stakeholders
•    Good communicator and influencing skills
•    Knowledgeable in MS Office and security tools (e.g. Nessus, Checkmarx. WebInspect)
•    Knowledgeable in latest IT technology and process (e.g. public/private cloud, containerization, CI/CD, Agile, message queue, DBaaS, IAMaaS) 
•    Preferably with Dev, Ops and/or Security background