Trustbank

Application Security Specialist

Singapore Full Time

Trust is the first of a new breed of banks in Singapore – digitally native and focused on delivering a delightful customer experience.  You will work in a fast-paced and collaborative environment to solve new and interesting challenges each day. Together with our Trust team, you will help shape the future of our bank.

As our Application Security Specialist, you'll dive into interesting security challenges, help shape new approaches, and contribute to building secure, high-quality products for our customers.

Key Roles and Responsibilities

Trust Bank is enhancing our cyber security capabilities with best-in-class practices that keep pace with our fast-moving, innovative business. You'll combine technical expertise with strategic thinking to help our development teams build secure applications without slowing them down.

You'll be part of a close-knit security team that embraces modern approaches - cloud-native designs, DevSecOps, and agile development. In our decentralized DevOps culture, you'll be the security expert that developers and product owners turn to, making security compliance straightforward and ensuring everyone has the knowledge they need. You'll work collaboratively across security and engineering teams to implement practices and metrics that reduce our application attack surface. You'll help shape and adapt our application security approach as we continue to grow, maintaining security effectiveness throughout.

You'll focus on securing our applications and the systems that build and deploy them. This means:

Application Security Toolchain

You'll select and maintain security tools for different projects:

  • Static Analysis (SAST) and Dynamic Analysis (DAST) for code and running applications

  • Open Source Security (OSS) scanning for dependencies

  • Container & Kubernetes security for our cloud-native deployments

  • API security, Web Application Firewalls, and DDoS protection

  • External perimeter scanning for our deployed applications

  • Security-focused chaos engineering tools

  • Runtime application and container protection

Key Responsibilities

  • You'll drive strategic application security initiatives, big projects that fundamentally change our approach to application security

  • AI Security - We've got several use cases in production already, with more to come, and our engineering team uses AI heavily in their work. We need to ensure it remains secure.

  • Providing appropriate training and sharing with developers and engineers, including Secure Code Development programs

  • Develop a network of Security Champions to facilitate velocity and security risk identification

  • Review and develop a mature framework of development and testing practices around international standards such as OpenSAMM / BSIMM and OWASP ASVS, following a progressive maturity development approach adapted to each product's needs

  • Supporting the triage of vulnerabilities to reduce false positives, working with engineering teams to automate the build processes in order to facilitate the transparent remediation of vulnerabilities

  • Work with security management and product to link Threat Models, risk registries, monitoring use cases and application security unit tests, working towards continuous assurance and compliance

 

In order to be successful at this role, you must have most of the following:

 

  • 8+ years of overall experience, with the bulk of this experience focused on Application Security
  • Programming background in Java/Kotlin and/or Python in enterprise environments, with the ability to read and understand Java/Kotlin and Python codebases

  • Experience building, maintaining and deploying CI/CD pipelines and solutions for app deployment

  • Comfortable with YAML, JSON and other markup languages and formats used in our deployment stack

  • Extensive experience with vulnerabilities and advanced attacks relevant for financial services

  • Comfortable with the use of AI in your own workflows, and understanding how AI is used in development workflows

  • Self-driven and keen to make an impact. Trust Bank moves quickly and there are opportunities everywhere
  • A strong communicator: you'll be working with everyone from developers to executives

  • Work with developers to embed security best practices while maintaining development velocity
  • Experience in regulated digital payment services, banking, or e-commerce is good to have

  • Background in monitoring, incident response and forensics in cloud environments (IaaS, Kubernetes, SaaS applications)

  • Previous collaboration with and work within offensive security teams, including pentesting, bug bounties or red teaming

Role Specific Technical Competencies

  • Programming background in Java/Kotlin and/or Python in enterprise environments, with the ability to read and understand Java/Kotlin and Python codebases

  • Experience building, maintaining and deploying CI/CD pipelines and solutions for app deployment

  • Comfortable with YAML, JSON and other markup languages and formats used in our deployment stack

  • Background in monitoring, incident response and forensics in cloud environments (IaaS, Kubernetes, SaaS applications)

If you apply for a job with Trust or submit any personal information in connection with a possible job opportunity, you agree to our privacy notice for job applicants.

Come as you are! Trust is an inclusive and open-minded workplace. If you are good at what you do and care about doing a good job, that's what we focus on and want from you. So come as you are. 😊

Trust is an equal opportunity employer. We prohibit discrimination and harassment of any kind. We are committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Trust are based on business needs, job requirements and individual qualifications, without regard to age, gender, physical ability, race, religion or belief, family or parental status, sexuality, or any other status protected by laws or regulations. We will not tolerate discrimination or harassment based on any of these characteristics. We encourage applicants of all ages.