DevSecOps - Security Scanning Analyst

Join us, and safeguard our applications with advanced security measures!

Krakow-based opportunity with the possibility to work 100% remotely!

As a DevSecOps Security Analyst, you will be working for our client, a major global financial institution. You will be an integral part of the Secure Development team, contributing to the development and adoption of security utilities and tools. Your role will focus on enhancing the efficiency and security of development teams through hands-on technology use and providing key security recommendations.

Your main responsibilities:

• Developing and adopting security utilities and tools for development teams
• Contributing to the design, development, and support of security tools
• Liaising with developers and project managers to understand application implementations
• Staying updated with industry trends and best practices
• Training and supporting developer and security champion activities
• Overseeing changes in risk profiles through metrics and risk analysis
• Supporting quality reviews, audit requirements, and service desk management
• Integrating and automating various security technologies within DevOps tooling pipelines
• Contributing to process, procedure, and tool identification and development
• Ensuring security mechanisms are effectively employed in applications

You're ideal for this role if you have:

• Understanding of integration and automation of security technologies (SAST, DAST, MAST, IAST, container security tools) container security tools within DevOps tooling pipeline (Jenkins, GitHub, Chef, Ansible, Nexus, etc.)
• Experience with DevSecOps and a focus on security
• Knowledge of platform-specific security risks and common vulnerabilities
• Understanding of common public cloud environments (AWS, GCP, Azure, Alicloud)
• Proficiency in identifying vulnerabilities within development pipelines
• Knowledge of Common Vulnerability Scoring System (CVSS)
• Experience with collaboration tools, preferably JIRA and Confluence
• Strong analytical skills, including attention to detail and problem-solving
• Knowledge of security flaws in Java, J2EE, Objective C, Swift, and Kotlin programming languages

It is a strong plus if you have:

• Understanding of emerging technologies and corresponding security threats
• Proficiency in one or more industry security tooling (Checkmarx, Invicti(Netsparker), Quokka(Kryptowire), IriusRisk, Aquasec, etc.)
• Experience with mobile application architectures (HTML, XML, JavaScript, JSON, REST, Microservices)

We offer you:

ITDS Business Consultants is involved in many various, innovative and professional IT projects for international companies in the financial industry in Europe. We offer an environment for professional, ambitious, and driven people. The offer includes:

• Stable and long-term cooperation with very good conditions 
• Enhance your skills and develop your expertise in the financial industry
• Work on the most strategic projects available in the market
• Define your career roadmap and develop yourself in the best and fastest possible way by delivering strategic projects for different clients of ITDS over several years
• Participate in Social Events, training, and work in an international environment
• Access to attractive Medical Package
• Access to Multisport Program
• Access to Pluralsight
• Flexible hours & remote work

Internal job number # 5345