#1 Job Board for tech industry in Europe

  • Job offers
  • Automated Security Scanning Analyst
    Security

    Automated Security Scanning Analyst

    Kraków
    Type of work
    Full-time
    Experience
    Senior
    Employment Type
    B2B
    Operating mode
    Remote

    Tech stack

      Cybersecurity

      advanced

    Job description

    Automated Security Scanning Analyst

     

    Location: Cracow

    Contract Type: B2B

    Salary: 170PLN/hour - 200 PLN/hour 

    Work Model: Remote

     

    Big Bank Funding. FinTech Thinking.

    Our Technology teams collaborate closely with global businesses to help design and build digital services that allow millions of customers worldwide to bank quickly, simply, and securely. We also manage and run our IT infrastructure, data centers, and core banking systems that power one of the world’s leading international banks.

    Our multi-disciplined Technology teams include, among others: DevSecOps engineers, IT architects, front and back-end developers, infrastructure specialists, cybersecurity experts, and delivery, project, and program managers.

    Following extensive investment across our Technology and Digital domains, and with plans for continued expansion throughout 2023 and beyond, we are currently seeking a Secure Development Control Governance and Security Scanning Senior Manager to join our Cybersecurity team within Technology.


    Brief Overview of the Business Areas:

    Global Cybersecurity is responsible for enabling businesses and functions to manage their information, technology, and cybersecurity risks by ensuring these are well understood, and that controls to manage such events are defined, assessed, and implemented appropriately. Cybersecurity delivers this via objective, independent, professional, and specialized subject matter experts. The role forms part of the First Line of Defense (1LoD) in relation to the risk management framework.

    The Cybersecurity Assessment and Testing (CSAT) function, part of Global Cybersecurity, is accountable for Vulnerability Management, Secure Development, Threat and Controls Assessment (threat modeling), Cloud Security, and Third-Party Cybersecurity Assessment. This function drives the identification, capture, assessment, testing, and ultimately the remediation of security defects, gaps, and vulnerabilities across the estate in concert with business and technology teams – on-premise, within the Cloud, and resulting from third-party engagements.

    The Automated Security Scanning Analyst will be a key part of the Secure Development team, reporting to the Global Head of Cloud and Container Security. They will closely collaborate with peers across Cybersecurity and business development teams to enable the rapid build of secure technology products and services, thereby reducing risk by enabling early identification and remediation of security vulnerabilities.


    Key Responsibilities:

    • Defining and driving scanning product vision, strategy/roadmap, and metrics; balancing requirements around usability, productivity, security, and scale to create optimal experiences for engineering application teams.
    • Performing continuous capability assessment and driving improvements of the security scanning product efficacy, coverage, quality, false-positive ratio, service processes, and procedures.
    • Defining and maintaining scanning tool configuration, ruleset, and policy, and revising as required to minimize the false-positive ratio.
    • Leading and executing the creation, review, and maintenance of security scanning quality assurance approach and related documentation.
    • Planning and executing project roadmaps to enhance functionality and/or remediate identified security scanning product gaps.
    • Monitoring new product and technology trends, risk, and threat intelligence feeds to advance security capabilities while balancing an excellent user experience.
    • Driving development work to integrate systems.
    • Data analysis to identify patterns and trends in security-related findings.
    • Partnering with key stakeholders including engineering application teams, SDLC Federated Control Owners, Operational & Resilience Risk, CCO Technology, Cybersecurity Risk & Control Strategy, and Cybersecurity Business Engagement.


    What You Will Bring to the Role:

    To be successful in this role, you should have proven experience within the Technology sector with knowledge of the following skills:

    • Experience in DevSecOps, including Agile and Waterfall Software Development Life Cycle.
    • Experience in Cloud and/or Container Security review and Vulnerability assessment.
    • General experience in Cloud and Kubernetes.
    • Experience with the integration & automation of various security technologies, preferably Container Security Scanning (CONT), including Infrastructure scanning (INFRA), and tools within DevOps tooling pipeline (Jenkins, GitHub, Chef, Ansible, Nexus, etc.).
    • Experience in cybersecurity principles, assessment, and triage for security flaws and common vulnerabilities for web and mobile applications.
    • Ability to understand and assess both threats and vulnerabilities, articulating these to both technical and business stakeholders.
    • Some experience in development work utilizing a programming language, preferably Python.
    • Professional IT Security qualifications and/or certifications.
    • An inquisitive approach, always asking how to achieve goals in a smarter and more effective way.
    • An ability and interest in learning and experimenting with new approaches to vulnerability management in different contexts, across the organization's scale.
    • Experience working in international and diverse environments.
    • Experience engaging with business, technology, regional, and regulatory stakeholders.
    • Ability to communicate to executive leadership – effectively translating technical gaps into business risk.
    • Ability to prepare concise presentations and updates for senior management.
    • Influential, credible, and persuasive, active listener, and shows good judgment and high levels of communication skills to achieve effective stakeholder management.
    • Experience/understanding of threat modeling and third-party security assessments would be beneficial.
    • Good spoken and written communication and the ability to adapt style based on the audience (Fluent in spoken/written English).

    Location:

    The role-holder is expected to engage with stakeholders and their teams within the office; however, we operate a highly flexible working arrangement for the right candidate, whereby much of their time can be remote.


    Come Power a Business that Defines How to Power the World

    As a business operating in markets around the world, we believe diversity brings benefits for our customers, business, and people. We are committed to being an inclusive employer and encourage applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief, and sexual orientation.

    We want everyone to be able to fulfill their potential, which is why we provide a range of flexible working arrangements and family-friendly policies.

    You will have access to tailored professional development opportunities and a competitive pay and benefits package.

    Personal data relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

    Check similar offers

    ServiceNow Security and Access Administrator

    New
    Red Global
    Undisclosed Salary
    Warszawa
    , Fully remote
    Fully remote
    ServiceNow
    Information Security

    IT Cyber Security Consultant

    New
    Connectis
    3.66K - 4.88K USD
    Warszawa
    , Fully remote
    Fully remote
    MS STRIDE
    CISSP
    Azure

    Specjalista ds. bezpieczeństwa chmurowego

    New
    Bank Pocztowy
    Undisclosed Salary
    Bydgoszcz
    Landing Zone
    AWS
    Shield

    IT & Data Senior Manager - Cybersecurity R&I and QFS

    New
    DANONE
    Undisclosed Salary
    Warszawa
    risk analysis
    Risk Management
    Cybersecurity

    Junior Vulnerability Manager

    New
    Baloise Solution Hub
    2.32K - 4.39K USD
    Warszawa
    English
    MITRE ATT&C
    JFrog Xray