Secure Software development Expert (f/m/x)

Purpose Intro

DB Global Technology is Deutsche Bank’s technology centre in Central and Eastern Europe. Since its set-up in 2013, Bucharest Technology Centre (BEX) has constantly proven its capacity to deliver global technology products and services, playing a dynamic role in the Bank’s technology transformation.

We have a robust, hands-on engineering culture dedicated to continuous learning, knowledge-sharing, technical skill development and networking. We are an essential part of the Bank’s technology platform and develop applications for many important business areas.

TDI’s Chief Security Office is responsible for the creation, maintenance, and implementation of the information security strategy of Deutsche Bank Group. CSO steers the measures derived from the information security strategy and provides guidance to employees regarding the identification, development, implementation, and execution of all processes which serve to reduce information security risk, to respond to incidents, and to establish appropriate policies and standards for information security management.
 

You’ll be joining the Secure Software Development Team which is part of the Secure Design Function of the Enterprise Security Architecture & Enablement Department. The team’s purpose is to drive the efficient integration of security services into DBs Software Development Processes and Delivery Platform, and that security is embedded as early as possible in the SDLC.

Especially with the cloud journey, applications are supposed to move to the cloud and software developers look after the entire application stack where security must become integral.

With our DevSecOps initiative, we aim for full automated integration of our security features and tools. Secure Coding Standards, best practices and guidance for application development teams are further deliveries we provide to support security in software development.

This role is driving the “Shift-Left-Approach" to shift security responsibilities to those creating software and shifts it to the beginning of the process. The responsibility is to cover the E2E view, aligning with all relevant solution owners and cloud lead engineers to drive the technical integration of our security features in the development stack. With DB’s journey to cloud this has become increasingly important. 
 

Responsibilities

• Analyse the current development pipeline and recommend solution for improvements regarding our security stack through knowledge of current tools, standards, and research of industry trends.
• Continuously engage and influence the engineering communities, Security Champions and others by driving security awareness, security trainings, drop-in sessions, articles and workshops.
• Continuously engage and influence the engineering communities, Security Champions and others.
• Evaluate application threat modelling processes and collaborate with our threat intelligence and secure design colleagues to update as necessary.
• Collaborate with application owners and communities, information security specialists in our CSO organization, and other infrastructure teams.

Skills

• General understanding of current security industry standards, best practices, and/or frameworks i.e.: NIST, ISO27001, OWASP top 10 etc.
• Experience in Software Development - from idea to production to understand our developer’s customer journey.
• Good understanding of CI/CD processes and tools.
• You have a strong security culture and like spreading security solutions across teams.
• Self-driven behaviour and proactive.

Well-being & Benefits

Emotionally and mentally balanced: We support you in dealing with life crises, maintaining stability through illness, and maintaining good mental health.

• Empowering managers who value your ideas and decisions. Show your positive attitude, determination, and open-mindedness.
• A professional, passionate, and fun workplace.
• A modern office with fun and relaxing areas to boost creativity.
• Continuous learning culture with coaching and support from team experts.
• A culture where you can openly speak about mental health.

Physically thriving: We support you in managing your physical health by taking appropriate preventive measures and providing a workplace that helps you thrive. For example, Private healthcare and life insurance with premium benefits for you and discounts for your loved ones, healthier ways of working and check-ups.

Socially connected: We strongly believe in collaboration, inclusion and feeling connected to open up new perspectives and strengthen our self-confidence and well-being.

• 24 days holiday, loyalty days, and bank holidays (including weekdays for weekend bank holidays).
• Hybrid working model with 40% remote work.
• Options for flexible working hours.
• Enjoy retailer discounts, cultural and CSR activities, workshops, and more.

Financially secure: We support you in meeting personal financial goals during your active career and for the future.

• Competitive income, performance-based promotions, and a sense of purpose.
• Meal vouchers, bonuses for referrals

Interested in more: discover what our employees value in the Well-being & Benefits hub!

We strive for a Culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank.

We welcome applications from all people and promote a positive, fair and inclusive work environment.

We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.