Application Security Engineer

The job in short

Looking for a journey instead of a job? Then let’s talk! We are THE pioneers in banking tech. We see opportunities and take the leap. Having the guts to push limits and break barriers to make things happen. We learn and reinvent ourselves for maximum impact, never giving up. We are creators, with a customer-centric mindset that love what they do and bring fun to any challenge. Together we kick ass, have fun and feel proud when our vision is delivered. Next day - we wake up and raise the bar a little higher. Are you ready?

As an Application Security Engineer you’ll be part of the team of security engineers working to ensure we build, maintain and deploy secure software that is used by millions of users around the globe. If you have a hacker mindset, are passionate about security and always looking to extend your knowledge, then this is the place for you.

Meet the job

No day at Backbase is the same, and even more so for our security engineers. We all know that security and banking need to go hand in hand and with hackers and tech evolving by the day, you’ll need to stay on your toes and ahead of the game.

Your core responsibility is to analyze the software from a security perspective and to identify and resolve security issues. You help maintain the secure SDLC with its tools and processes. You validate that application security requirements have been met. You have a good understanding of application security and common application security vulnerabilities. You provide guidance to developers and QA engineers on secure coding, security testing and working with security tools. 

How about you

● Good understanding of application security and common application security vulnerabilities;
● Good understanding of frontend, backend and mobile security domains and you’re an expert in one of them;
● Good understanding of DevOps and cloud native technologies;
● Successful track record in identifying, triaging and resolving application security issues;
● A background in development and a good understanding of the SDLC;
● English language on a professional level, written and spoken.

We’ll be delighted if you bring experience in the following topics but otherwise these would be opportunities for you to grow your knowledge working in the security team:
● Implementing OWASP ASVS/M-ASVS and SKF;
● Implementing SAST, SCA, IAST and RASP tools in the SDLC;
● Facilitating threat modeling sessions with the development teams;
● Pen testing web and mobile applications;
● Training and guiding developers on application security concepts;
● Relevant regulations such as GDPR and PCI-DSS.