Application Security Engineer
Product – Banking Engine /
Mambu is the leading SaaS core banking engine. If you’re a customer of the largest digital bank in the EU, then you’ve probably interacted with our platform and didn't even know it. We are at the heart of what makes digital banks and lenders work - the system that processes banking transactions and updates accounts and other financial records from deposits to loans and credit balances. But we are different. We are not just cloud-native, lean and flexible - we are helping to revolutionise financial services globally. We are in a growth phase and we’ve only just begun.
To help us on our mission, we bring together people with the best skills and attitude. It doesn’t matter where you are from, what matters is the impact you have and your passion to make a difference.
To continue our success story we are looking for an Application Security Engineer to implement, enhance and manage security technologies, practices and training that support the mission to protect Mambu’s infrastructure and the information managed by the services. As an Application Security Engineer, you will collaborate with the Engineering team and with other infrastructure teams to detect, analyze, understand, mitigate and permanently fix vulnerabilities.
You will provide sufficient tools, practices and guidance so that engineers can autonomously improve security of Mambu environments and ensure security of the services.
- Assure trusted Mambu deliverables through internal activities
- Assure trusted Mambu deliverables through engagement with external experts
- Engineers trained on security matters
- Collaborate to secure software design and implementation practices definition
- Define threat models, perform risk analysis and mitigation workshops with stakeholders of new capabilities or product changes that may impact security (pre-implementation)
- Support teams that develop new capabilities in assessing their security maturity (security readiness check) through workshops
- Implement tooling to detect security vulnerabilities (during implementation) and integrate them seamlessly in the SDLC together with the Release team & enhance and manage them continuously
- Implement, enhance and manage remediation processes for various scanning types (OSA, SAST, IAST, production identified vulnerability issues - during & post implementation)
- Clarify and prioritize the security scope captured in contractual agreements or regulatory obligations to rapidly be market relevant and trusted, not perfect.
- Document application security controls and explain them in internal and external security audits
- Review changes inside the product organization (e.g. structure, processes) with an impact to software security
- Advice on external penetration test to ensure pentesters have a running system, know what to focus their test on and support them during the test
- Understand and triage reported vulnerabilities from different sources to respective teams
- Advice on vulnerability rating for reported vulnerabilities from different sources to respective teams
- Support teams by consulting on ways to fix vulnerabilities incl. their root cause
- Design and deliver training for security engineering awareness & adoption
- Design, maintain and deliver security practices to assure engineers can assess and fix vulnerabilities independently, understand attack vectors and possible vulnerabilities, can detect, mitigate, permanently correct and prevent security issues on all stages of the SLDC.
- Design and deliver training for security tooling
- Evangelize security practices
- Coordinate table-top exercises for security incidents
- Pair analysis for vulnerability confirmation & mitigation paths
- Pair programming for security aspects of new features, vulnerability mitigation or permanent fix
- Enable teams’ autonomy on security assurance in alignment with product security team’s agreements & practices
- Implement, enhance, manage metrics and dashboards demonstrating security posture and event activity.
You need to have:
- Knowledge of information security principles (ie. Confidentiality, Integrity, Availability) and their application in SaaS solutions (ie. cloud computing, web applications, networking).
- Solid hands on background in software engineering
- Knowledge of secure coding practices.
- Experience in conducting information security risk assessments for distributed, complex systems.
- Experience working in research and development environment.
- Capacity to find creative solutions that don't introduce security as a blocker;
- Proactive mindset and drive to find and address root causes;
- Positive and team-player attitude.
- Mambu has over 250+ live deployments, helping to revolutionise financial services in more than 46 countries globally, and we're just getting started;
- We understand nothing ensures our customers' success more than a happy team, so Mambu is built on a culture of trust and a sense of ownership in everything we do;
- Mambu proactively takes the initiative to improve the industry for the better;
- Mambu is using top tool for development activities;
- Because you want more, you want to know how your lines of code impact the world.
More about us:
To stay on top of the latest Fin-Tech trends and our success stories, please follow us on LinkedIn
For more details regarding our global career opportunities, please visit Career Site