PrivatBank

Application Security Engineer

PrivatBank is the largest bank in Ukraine and one of the most innovative banks in the world. It holds a leading position across all financial indicators in the area and accounts for about a quarter of the whole banking system of our country.


We are looking for an Application Security Engineer: a person who seeks to work in a dynamic environment and shares the values of initiative, openness and mutual trust.


We are striving to find a goal-oriented, multitasking professional who is focused on delivering good results and high quality.



Requirements:

  • At least 3 years of experience in application security or related fields such as penetration testing and security architecture
  • Proficiency in using security scanners such as SAST, DAST, SCA, Secret Detection, and Container scanning
  • Experience integrating security scanners in CI/CD pipelines using Jenkins for GitLab
  • Certifications such as CEH, OSCP, CSSLP, AWS Certified Security Specialty, etc. are preferred
  • Background in software development, including roles such as Developer, Business Analyst, Architect, DevOps, etc.
  • Knowledge of Secure Software Development Life Cycle (S-SDLC) and frameworks like OWASP SAMM, BSIMM, and Microsoft SDL
  • Familiarity with the software development process and stages
  • Basic understanding of software code
  • Knowledge of key infrastructure components like databases, queues, application servers, load balancers, NoSQL, etc.
  • Understanding of major types of vulnerabilities
  • Understanding of software architecture
  • Knowledge of network protocols such as DNS, HTTP/S, SMTP, SSH, and FTP
  • Ability to independently research information and solve complex problems
  • Critical thinking skills


Responsibilities:

  • Conduct security audits using the OWASP SAMM framework to assess current practices, identify gaps, and evaluate compliance levels within the organization
  • Develop and implement strategic plans aimed at enhancing security maturity levels throughout the organization, with gradual improvements
  • Application security governance and metrics
  • Collaborate with various team members, including developers and top management, to advocate and implement application security best practices
  • Improve our application security management platform
  • Manage security architecture, focusing on integrating security at every stage of the software development lifecycle
  • Integrate and oversee security automation tools to enhance security processes and reduce manual error
  • Oversee security testing across various stages of software development to identify and mitigate potential security vulnerabilities
  • Engage in threat modeling activities to predict and neutralize potential security threats before they impact the system
  • Ensure compliance with relevant industry standards and regulations by regularly updating security policies and standards
  • Track and manage software defects to ensure timely resolution of security-related issues
  • Develop and conduct training and awareness programs to enhance security knowledge and practices across the organization
  • Spearhead the secure integration of CI/CD practices into software development processes to ensure continuous security
  • Use cloud services for application security


We offer:

  • Work in the largest and most innovative bank in Ukraine
  • Official employment and 24 calendar days of vacation
  • Sick leave compensation
  • Medical insurance
  • Competitive salary
  • Bonuses and premiums according to company policy
  • Corporate training
  • Modern comfortable office
  • Interesting projects, ambitious tasks and dynamic growth
  • Corporate financial assistance in critical situations
  • A friendly, professional and strong team
  • Possibility of remote work


PrivatBank is open to support and employ veterans and people with disabilities.

We believe that discrimination due to health conditions, physical abilities, age, race and ethnicity, gender or marital status is unacceptable.

We are ready to train veterans and candidates with disabilities without banking experience.

Required skills and experience:

  • S-SDLC: 3 years
  • OWASP SAMM: 3 years
  • BSIMM: 3 years
  • DNS: 3 years
  • HTTP/S: 3 years
  • SMTP: 3 years
  • SSH: 3 years
  • FTP: 3 years
  • Security architecture

Published 30 September